Allow simultaneous access to dashboards from different teams

6 years ago · 19ef8b3f7b
--- a/hc/front/tests/test_status.py
+++ b/hc/front/tests/test_status.py
@ -12,7 +12,8 @@ class MyChecksTestCase(BaseTestCase):
    def test_it_works(self):
        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/checks/status/")
        r = self.client.get("/teams/alice/checks/status/")
        self.assertEqual(r.status_code, 200)
        doc = r.json()
        self.assertEqual(doc["tags"]["foo"], "up")
@ -21,3 +22,19 @@ class MyChecksTestCase(BaseTestCase):
        self.assertEqual(detail["code"], str(self.check.code))
        self.assertEqual(detail["status"], "new")
        self.assertIn("Never", detail["last_ping"])
    def test_it_allows_cross_team_access(self):
        self.bobs_profile.current_team = None
        self.bobs_profile.save()
        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/teams/alice/checks/status/")
        self.assertEqual(r.status_code, 200)
    def test_it_checks_ownership(self):
        self.bobs_profile.current_team = None
        self.bobs_profile.save()
        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/teams/alice/checks/status/")
        self.assertEqual(r.status_code, 404)
--- a/hc/front/urls.py
+++ b/hc/front/urls.py
@ -51,7 +51,7 @@ urlpatterns = [
    path('checks/', views.my_checks, name="hc-checks"),
    path('checks/add/', views.add_check, name="hc-add-check"),
    path('checks/cron_preview/', views.cron_preview),
    path('checks/status/', views.status),
    path('teams/<str:username>/checks/status/', views.status, name="hc-status"),
    path('checks/<uuid:code>/', include(check_urls)),
    path('integrations/', include(channel_urls)),
--- a/hc/front/views.py
+++ b/hc/front/views.py
@ -77,6 +77,19 @@ def _get_check_for_user(request, code):
        raise Http404("not found")
 def _has_access(request, username):
    """ Return true if current user has access to the specified account. """
    if request.user.username == username:
        return True
    if request.user.is_superuser:
        return True
    mq = request.user.memberships
    return mq.filter(team__user__username=username).exists()
@login_required
 def my_checks(request):
    if request.GET.get("sort") in VALID_SORT_VALUES:
@ -130,8 +143,11 @@ def my_checks(request):
@login_required
 def status(request):
    checks = list(Check.objects.filter(user_id=request.team.user_id))
 def status(request, username):
    if not _has_access(request, username):
        raise Http404("not found")
    checks = list(Check.objects.filter(user__username=username))
    details = []
    for check in checks:
--- a/static/js/checks.js
+++ b/static/js/checks.js
@ -159,9 +159,10 @@ $(function () {
    // is active, every 60s otherwise
    var lastStatus = {};
    var lastPing = {};
    adaptiveSetInterval(function() {
    var statusUrl = $("#checks-table").data("status-url");
    function refreshStatus() {
        $.ajax({
            url: "/checks/status/",
            url: statusUrl,
            dataType: "json",
            timeout: 2000,
            success: function(data) {
@ -192,7 +193,12 @@ $(function () {
                }
            }
        });
    });
    }
    // Schedule regular status updates:
    if (statusUrl) {
        adaptiveSetInterval(refreshStatus);
    }
    // Copy to clipboard
    var clipboard = new Clipboard('button.copy-link');
--- a/templates/front/my_checks_desktop.html
+++ b/templates/front/my_checks_desktop.html
@ -1,5 +1,8 @@
 {% load hc_extras %}
 <table id="checks-table" class="table">
 <table
    id="checks-table"
    class="table"
    data-status-url="{% url 'hc-status' request.team.user.username %}">
    <tr>
        <th></th>
        <th class="th-name">