Fix big leak in type-checking add/update args for taggable classes

[plcapi.git] / PLC / Methods / UpdateInterface.py

diff --git a/PLC/Methods/UpdateInterface.py b/PLC/Methods/UpdateInterface.py
index dad6420..48f3822 100644 (file)
--- a/PLC/Methods/UpdateInterface.py
+++ b/PLC/Methods/UpdateInterface.py
@@ -31,7 +31,7 @@ class UpdateInterface(Method):
 
     roles = ['admin', 'pi', 'tech']
 
-    accepted_fields = Row.accepted_fields(can_update, [Interface.fields,Interface.tags])
+    accepted_fields = Row.accepted_fields(can_update, [Interface.fields,Interface.tags],exclude=True)
 
     accepts = [
         Auth(),
@@ -43,6 +43,8 @@ class UpdateInterface(Method):
 
     def call(self, auth, interface_id, interface_fields):
 
+        interface_fields = Row.check_fields (interface_fields, self.accepted_fields)
+
         [native,tags,rejected] = Row.split_fields(interface_fields,[Interface.fields,Interface.tags])
 
         if rejected: