diff --git a/pandora/edit/models.py b/pandora/edit/models.py index cde58199..9efa82fd 100644 --- a/pandora/edit/models.py +++ b/pandora/edit/models.py @@ -65,6 +65,11 @@ class Edit(models.Model): clip.index = 0 else: clip.index +=1 + # dont add clip if in/out are invalid + if not clip.annotation: + duration = clip.item.sort.duration + if clip.start >= clip.end or clip.start >= duration or clip.end > duration: + return False clip.save() return clip diff --git a/pandora/edit/views.py b/pandora/edit/views.py index 1aa80476..91e4f5b4 100644 --- a/pandora/edit/views.py +++ b/pandora/edit/views.py @@ -41,7 +41,10 @@ def addClip(request): edit = get_edit_or_404_json(data['edit']) if edit.editable(request.user): clip = edit.add_clip(data) - response['data'] = clip.json(request.user) + if not clip: + response = json_response(status=500, text='invalid in/out') + else: + response['data'] = clip.json(request.user) else: response = json_response(status=403, text='permission denied') return render_to_json_response(response) @@ -87,6 +90,7 @@ def editClip(request): response = json_response() data = json.loads(request.POST['data']) clip = get_object_or_404_json(models.Clip, pk=ox.fromAZ(data['id'])) + valid = False if clip.edit.editable(request.user): for key in ('in', 'out'): if key in data: @@ -95,8 +99,14 @@ def editClip(request): clip.end = clip.annotation.end clip.annotation = None setattr(clip, {'in': 'start', 'out': 'end'}.get(key), float(data[key])) - clip.save() - response['data'] = clip.json(user=request.user) + if not clip.annotation: + duration = clip.item.sort.duration + if clip.start >= clip.end or clip.start >= duration or clip.end > duration: + response = json_response(status=500, text='invalid in/out') + valid = False + if valid: + clip.save() + response['data'] = clip.json(user=request.user) else: response = json_response(status=403, text='permission denied') return render_to_json_response(response)