Correct alert_after

hc/api/management/commands/ensuretriggers.py

@@ -13,7 +13,7 @@ CREATE OR REPLACE FUNCTION update_alert_after()
 RETURNS trigger AS $update_alert_after$
     BEGIN
         IF NEW.last_ping IS NOT NULL THEN
-            NEW.alert_after := NEW.last_ping + NEW.timeout;
+            NEW.alert_after := NEW.last_ping + NEW.timeout + '1 hour';
         END IF;
         RETURN NEW;
     END;

hc/front/views.py

@@ -1,4 +1,5 @@
 from django.contrib.auth.decorators import login_required
+from django.http import HttpResponseForbidden
 from django.shortcuts import redirect, render
 from django.utils import timezone
 
@@ -51,6 +52,9 @@ def update_name(request, code):
     assert request.method == "POST"
 
     check = Check.objects.get(code=code)
+    if check.user != request.user:
+        return HttpResponseForbidden()
+
     check.name = request.POST["name"]
     check.save()
 
@@ -61,9 +65,12 @@ def update_name(request, code):
 def update_timeout(request, code):
     assert request.method == "POST"
 
+    check = Check.objects.get(code=code)
+    if check.user != request.user:
+        return HttpResponseForbidden()
+
     form = TimeoutForm(request.POST)
     if form.is_valid():
-        check = Check.objects.get(code=code)
         check.timeout = form.cleaned_data["timeout"]
         check.save()
 

templates/pricing.html

@@ -24,7 +24,7 @@
                         <li class="list-group-item"><i class="fa fa-check"></i> Unlimited notifications</li>
                     </ul>
                     <div class="panel-footer">
-                        <a class="btn btn-lg btn-block btn-success" href="#">Get Started</a>
+                        <a class="btn btn-lg btn-block btn-success" href="{% url 'hc-login' %}">Get Started</a>
                     </div>
                 </div>
             </div>