From 9f4b17b2507e227349b5f9a55d4c80b9320536f4 Mon Sep 17 00:00:00 2001
From: Parth Dagia <parth.24bcs10414@sst.scaler.com>
Date: Fri, 17 Apr 2026 02:57:08 +0530
Subject: [PATCH] fix: add missing request field validation to all
 ViewDataRoute endpoints

All four ViewDataRoute.py endpoints access request.json fields
directly without validate_json_fields, unlike every other route
file in the API. A request with any missing field crashes with
KeyError and returns a raw 500 stack trace to the client.

This was the same bug class fixed by PR #79 across 10 other routes
and tracked in issues #77 and #185, but ViewDataRoute was missed
when those fixes landed.

Adds validate_json_fields calls to:
- viewData (1 field: casename)
- viewTEData (1 field: casename)
- updateViewData (10 fields: casename, year, ScId, groupId,
  paramId, TechId, CommId, EmisId, Timeslice, value)
- updateTEViewData (7 fields: casename, scId, groupId, paramId,
  techId, emisId, value)
---
 API/Routes/Case/ViewDataRoute.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/API/Routes/Case/ViewDataRoute.py b/API/Routes/Case/ViewDataRoute.py
index 6f442a9c2..b4e87e57c 100644
--- a/API/Routes/Case/ViewDataRoute.py
+++ b/API/Routes/Case/ViewDataRoute.py
@@ -1,11 +1,15 @@
 from flask import Blueprint, jsonify, request
 from Classes.Case.OsemosysClass import Osemosys
+from utils import validate_json_fields
 
 viewdata_api = Blueprint('ViewDataRoute', __name__)
 
 @viewdata_api.route("/viewData", methods=['POST'])
 def viewData():
     try:
+        err, code = validate_json_fields('casename')
+        if err:
+            return err, code
         casename = request.json['casename']
         if casename != None:
             osy = Osemosys(casename)
@@ -23,6 +27,9 @@ def viewData():
 @viewdata_api.route("/viewTEData", methods=['POST'])
 def viewTEData():
     try:
+        err, code = validate_json_fields('casename')
+        if err:
+            return err, code
         casename = request.json['casename']
         if casename != None:
             osy = Osemosys(casename)
@@ -39,7 +46,9 @@ def viewTEData():
 @viewdata_api.route("/updateViewData", methods=['POST'])
 def updateViewData():
     try:
-        #casename, updateType, groupId, paramId, TechId, CommId, EmisId, Timeslice
+        err, code = validate_json_fields('casename', 'year', 'ScId', 'groupId', 'paramId', 'TechId', 'CommId', 'EmisId', 'Timeslice', 'value')
+        if err:
+            return err, code
         casename = request.json['casename']
         #updateType = request.json['updateType']
         year = request.json['year']
@@ -72,7 +81,9 @@ def updateViewData():
 @viewdata_api.route("/updateTEViewData", methods=['POST'])
 def updateTEViewData():
     try:
-        #casename, updateType, groupId, paramId, TechId, CommId, EmisId, Timeslice
+        err, code = validate_json_fields('casename', 'scId', 'groupId', 'paramId', 'techId', 'emisId', 'value')
+        if err:
+            return err, code
         casename = request.json['casename']
         scId = request.json['scId']
         groupId = request.json['groupId']