Ensure bot/infractions does not accept both expires and permanent filters

Expires and permanent=false are permitted and tested for. Expires_before also filters the database for permanent=false explicitly

2 files changed, 47 insertions, 0 deletions

diff --git a/pydis_site/apps/api/tests/test_infractions.py b/pydis_site/apps/api/tests/test_infractions.py
index d717ab48..967698ff 100644
--- a/pydis_site/apps/api/tests/test_infractions.py
+++ b/pydis_site/apps/api/tests/test_infractions.py
@@ -204,6 +204,35 @@ class InfractionTests(APISubdomainTestCase):
         self.assertIn("expires_before", errors)
         self.assertIn("expires_after", errors)
 
+    def test_permanent_after_invalid(self):
+        url = reverse('bot:infraction-list', host='api')
+        target_time = datetime.datetime.utcnow() + datetime.timedelta(hours=5)
+        response = self.client.get(f'{url}?permanent=true&expires_after={target_time.isoformat()}')
+
+        self.assertEqual(response.status_code, 400)
+        errors = list(response.json())
+        self.assertEqual("permanent", errors[0])
+
+    def test_permanent_before_invalid(self):
+        url = reverse('bot:infraction-list', host='api')
+        target_time = datetime.datetime.utcnow() + datetime.timedelta(hours=5)
+        response = self.client.get(f'{url}?permanent=true&expires_before={target_time.isoformat()}')
+
+        self.assertEqual(response.status_code, 400)
+        errors = list(response.json())
+        self.assertEqual("permanent", errors[0])
+
+    def test_nonpermanent_before(self):
+        url = reverse('bot:infraction-list', host='api')
+        target_time = datetime.datetime.utcnow() + datetime.timedelta(hours=6)
+        response = self.client.get(
+            f'{url}?permanent=false&expires_before={target_time.isoformat()}'
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(response.json()[0]["id"], self.superstar_expires_soon.id)
+
     def test_filter_manytypes(self):
         url = reverse('bot:infraction-list', host='api')
         response = self.client.get(f'{url}?types=mute,ban')
diff --git a/pydis_site/apps/api/viewsets/bot/infraction.py b/pydis_site/apps/api/viewsets/bot/infraction.py
index 0baab6fd..f8b0cb9d 100644
--- a/pydis_site/apps/api/viewsets/bot/infraction.py
+++ b/pydis_site/apps/api/viewsets/bot/infraction.py
@@ -56,6 +56,7 @@ class InfractionViewSet(
     Invalid query parameters are ignored.
     Only one of `type` and `types` may be provided. If both `expires_before` and `expires_after`
     are provided, `expires_after` must come after `expires_before`.
+    If `permanent` is provided and true, `expires_before` and `expires_after` must not be provided.
 
     #### Response format
     Response is paginated but the result is returned without any pagination metadata.
@@ -201,6 +202,23 @@ class InfractionViewSet(
                     'expires_after': ['cannot be before expires_before'],
                 })
 
+        if (
+            ('expires_at__lte' in additional_filters or 'expires_at__gte' in additional_filters)
+            and 'expires_at__isnull' in additional_filters
+            and additional_filters['expires_at__isnull']
+        ):
+            raise ValidationError({
+                'permanent': [
+                    'cannot filter for permanent infractions at the'
+                    ' same time as expires_at or expires_before',
+                ]
+            })
+
+        if filter_expires_before:
+            # Filter out permanent infractions specifically if we want ones that will expire
+            # before a given date
+            additional_filters['expires_at__isnull'] = False
+
         filter_types = self.request.query_params.get('types')
         if filter_types:
             if self.request.query_params.get('type'):