Bug #36
ServiceLine Field Accepts ObjectId in Product Categories API even when they don't correspond to any existing record in the database.
Status: Closed
Priority: Normal
Assignee: -
Start date: 03/23/2026
Due date:
% Done: 100%
Estimated time:
Description
Endpoint: https://api.akinderwellness.com:4001/api/productCategories/add
The serviceLine field is accepting arbitrary ObjectId values even when they do not correspond to any existing record in the database.
Steps to Reproduce
Send a POST request to the endpoint with a random ObjectId in the serviceLine field:
{
"name": "Electronics",
"description": "",
"serviceLine": "68c3f959e0742f0f56243221",
"status": "Active"
}
Observe that the request succeeds even if the serviceLine does not exist in the database.
Expected Behavior
The API should validate that the provided serviceLine:
- Is a valid ObjectId format
- Exists in the ServiceLine collection
Actual Behavior
- Only ObjectId format is validated
- No check is performed to verify existence in the database
Note: A Postman request is created to reproduce the issue.
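The two checks listed under Expected Behavior, sketched as an added example that is not the project's own code. It assumes the ServiceLine model exposes an async exists({ _id }) lookup (as Mongoose models do); makeServiceLineStore, validateProductCategory, the 400/422 status codes and the all-"a" id are hypothetical names and constructed values.

```javascript
// Added example: format check plus existence check for a referenced id.
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/;

// Constructed in-memory stand-in for the ServiceLine collection.
// Assumption: the real model offers an async exists({ _id }) lookup.
function makeServiceLineStore(ids) {
  const known = new Set(ids.map((id) => id.toLowerCase()));
  return {
    async exists(filter) {
      const key = String(filter._id).toLowerCase();
      return known.has(key) ? { _id: filter._id } : null;
    },
  };
}

// Returns { status, error } so a route handler can map it to an HTTP response.
// The status codes are an assumption, not taken from the API in the report.
async function validateProductCategory(body, serviceLines) {
  const id = body && body.serviceLine;
  // Require a string: a nested object must never reach the query filter.
  if (typeof id !== "string" || !OBJECT_ID_RE.test(id)) {
    return { status: 400, error: "serviceLine must be a 24-character hex ObjectId" };
  }
  // Format alone is not enough: the id must resolve to a stored record.
  const found = await serviceLines.exists({ _id: id });
  if (!found) {
    return { status: 422, error: "serviceLine does not reference an existing record" };
  }
  return { status: 200, error: null };
}

// Constructed demo: the store knows one id; the id from the report is unknown.
const demoStore = makeServiceLineStore(["aaaaaaaaaaaaaaaaaaaaaaaa"]);
validateProductCategory(
  { name: "Electronics", description: "", serviceLine: "68c3f959e0742f0f56243221", status: "Active" },
  demoStore
).then((result) => console.log(result.status, result.error));
```

The lookup and the insert are separate operations, so a ServiceLine deleted between them still leaves a dangling reference unless deletion of referenced records is guarded as well.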