diff --git a/hc/front/tests/test_add_check.py b/hc/front/tests/test_add_check.py
index 32501425..3cd5a6c7 100644
--- a/hc/front/tests/test_add_check.py
+++ b/hc/front/tests/test_add_check.py
@@ -32,6 +32,14 @@ class AddCheckTestCase(BaseTestCase):
r = self.client.get(self.url)
self.assertEqual(r.status_code, 405)
+ def test_it_requires_rw_access(self):
+ self.bobs_membership.rw = False
+ self.bobs_membership.save()
+
+ self.client.login(username="bob@example.org", password="password")
+ r = self.client.post(self.url)
+ self.assertEqual(r.status_code, 403)
+
def test_it_obeys_check_limit(self):
self.profile.check_limit = 0
self.profile.save()
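Review bot: The new `test_it_requires_rw_access` stops at the 403 status and never checks that the request left the database untouched, so a view that created the check and then returned 403 would still pass. Record `Check.objects.count()` before the POST and assert it is unchanged afterwards (this assumes `Check` is imported in this module, which the hunk does not show). The identically named test in test_pause.py has the same gap. There, `self.check.refresh_from_db()` followed by `self.assertNotEqual(self.check.status, "paused")` would pin it, provided the test case keeps its check on `self.check`.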
diff --git a/hc/front/tests/test_details.py b/hc/front/tests/test_details.py
index f2b0b3ee..1d5417ad 100644
--- a/hc/front/tests/test_details.py
+++ b/hc/front/tests/test_details.py
@@ -55,4 +55,5 @@ class DetailsTestCase(BaseTestCase):
self.assertNotContains(r, "edit-name", status_code=200)
self.assertNotContains(r, "edit-desc")
+ self.assertNotContains(r, "pause-btn")
self.assertNotContains(r, "Change Schedule")
diff --git a/hc/front/tests/test_my_checks.py b/hc/front/tests/test_my_checks.py
index c16908f3..cb0e5c16 100644
--- a/hc/front/tests/test_my_checks.py
+++ b/hc/front/tests/test_my_checks.py
@@ -17,6 +17,8 @@ class MyChecksTestCase(BaseTestCase):
self.client.login(username=email, password="password")
r = self.client.get(self.url)
self.assertContains(r, "Alice Was Here", status_code=200)
+ # The pause button:
+ self.assertContains(r, "btn btn-default pause", status_code=200)
# last_active_date should have been set
self.profile.refresh_from_db()
@@ -125,3 +127,15 @@ class MyChecksTestCase(BaseTestCase):
self.client.login(username="alice@example.org", password="password")
r = self.client.get(self.url)
self.assertContains(r, """
foo
""")
+
+ def test_it_hides_actions_from_readonly_users(self):
+ self.bobs_membership.rw = False
+ self.bobs_membership.save()
+
+ self.client.login(username="bob@example.org", password="password")
+ r = self.client.get(self.url)
+
+ self.assertNotContains(r, "Add Check", status_code=200)
+
+ # The pause button:
+ self.assertNotContains(r, "btn btn-default pause", status_code=200)
diff --git a/hc/front/tests/test_pause.py b/hc/front/tests/test_pause.py
index ca170d64..22c2f973 100644
--- a/hc/front/tests/test_pause.py
+++ b/hc/front/tests/test_pause.py
@@ -46,3 +46,11 @@ class PauseTestCase(BaseTestCase):
self.client.login(username="alice@example.org", password="password")
r = self.client.post(self.url, HTTP_X_REQUESTED_WITH="XMLHttpRequest")
self.assertEqual(r.status_code, 200)
+
+ def test_it_requires_rw_access(self):
+ self.bobs_membership.rw = False
+ self.bobs_membership.save()
+
+ self.client.login(username="bob@example.org", password="password")
+ r = self.client.post(self.url)
+ self.assertEqual(r.status_code, 403)
diff --git a/hc/front/views.py b/hc/front/views.py
index 931077b0..7125a169 100644
--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -323,6 +323,9 @@ def docs_cron(request):
@login_required
def add_check(request, code):
project, rw = _get_project_for_user(request, code)
+ if not rw:
+ return HttpResponseForbidden()
+
if project.num_checks_available() <= 0:
return HttpResponseBadRequest()
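Review bot: The read-only guard is written out by hand in `add_check` and again in the `pause` hunk below, so the authorization check is opt-in per view. Any other state-changing view that unpacks `rw` from `_get_project_for_user` or `_get_check_for_user` stays writable for read-only members until someone adds the same two lines. Those views are outside these hunks, so whether any remain unguarded cannot be told from here. Consider enforcing it in one place, e.g. `check = _get_rw_check_for_user(request, code)` that raises `PermissionDenied` when `rw` is false, and call that from every POST handler. Both function bodies continue outside the hunk.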
@@ -461,6 +464,8 @@ def ping_details(request, code, n=None):
@login_required
def pause(request, code):
check, rw = _get_check_for_user(request, code)
+ if not rw:
+ return HttpResponseForbidden()
check.status = "paused"
check.last_start = None
diff --git a/templates/front/details.html b/templates/front/details.html
index e222d3d8..b2692a89 100644
--- a/templates/front/details.html
+++ b/templates/front/details.html
@@ -129,6 +129,7 @@
+ {% if rw %}
+ {% endif %}
+
+{% if rw %}
{% if num_available > 0 %}
@@ -57,6 +59,7 @@
{% endif %}
+{% endif %}
{% include "front/update_name_modal.html" %}
{% include "front/update_timeout_modal.html" %}
diff --git a/templates/front/my_checks_desktop.html b/templates/front/my_checks_desktop.html
index 13c3734d..5da9824f 100644
--- a/templates/front/my_checks_desktop.html
+++ b/templates/front/my_checks_desktop.html
@@ -126,9 +126,11 @@
+ {% if rw %}
+ {% endif %}
|