front.views.status uses project_id not user.username

6 years ago · 64158c83a8
--- a/hc/front/tests/test_status.py
+++ b/hc/front/tests/test_status.py
@ -10,9 +10,11 @@ class MyChecksTestCase(BaseTestCase):
        self.check.tags = "foo"
        self.check.save()

        self.url = "/projects/%s/checks/status/" % self.project.code

    def test_it_works(self):
        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/teams/alice/checks/status/")
        r = self.client.get(self.url)
        self.assertEqual(r.status_code, 200)
        doc = r.json()

@ -28,7 +30,7 @@ class MyChecksTestCase(BaseTestCase):
        self.bobs_profile.save()

        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/teams/alice/checks/status/")
        r = self.client.get(self.url)
        self.assertEqual(r.status_code, 200)

    def test_it_checks_ownership(self):
@ -36,5 +38,5 @@ class MyChecksTestCase(BaseTestCase):
        self.bobs_profile.save()

        self.client.login(username="[email protected]", password="password")
        r = self.client.get("/teams/alice/checks/status/")
        r = self.client.get(self.url)
        self.assertEqual(r.status_code, 404)
--- a/hc/front/urls.py
+++ b/hc/front/urls.py
@ -51,7 +51,7 @@ urlpatterns = [
    path('checks/', views.my_checks, name="hc-checks"),
    path('checks/add/', views.add_check, name="hc-add-check"),
    path('checks/cron_preview/', views.cron_preview),
    path('teams/<str:username>/checks/status/', views.status, name="hc-status"),
    path('projects/<uuid:code>/checks/status/', views.status, name="hc-status"),
    path('checks/<uuid:code>/', include(check_urls)),
    path('integrations/', include(channel_urls)),

--- a/hc/front/views.py
+++ b/hc/front/views.py
@ -7,7 +7,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.core import signing
 from django.db.models import Count
 from django.db.models import Count, Q
 from django.http import (Http404, HttpResponse, HttpResponseBadRequest,
                         HttpResponseForbidden, JsonResponse)
 from django.shortcuts import get_object_or_404, redirect, render
@ -17,6 +17,7 @@ from django.utils import timezone
 from django.utils.crypto import get_random_string
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from hc.accounts.models import Project
 from hc.api.models import (DEFAULT_GRACE, DEFAULT_TIMEOUT, Channel, Check,
                           Ping, Notification)
 from hc.api.transports import Telegram
@ -78,17 +79,16 @@ def _get_check_for_user(request, code):
        raise Http404("not found")


 def _has_access(request, username):
 def _has_access(request, project_code):
    """ Return true if current user has access to the specified account. """

    if request.user.username == username:
        return True

    if request.user.is_superuser:
        return True

    q = request.user.memberships
    return q.filter(project__owner__username=username).exists()
    is_owner = Q(owner_id=request.user.id)
    is_member = Q(member__user_id=request.user.id)
    projects = Project.objects.filter(is_owner | is_member)
    return projects.filter(code=project_code).exists()


@login_required
@ -144,11 +144,11 @@ def my_checks(request):


@login_required
 def status(request, username):
    if not _has_access(request, username):
 def status(request, code):
    if not _has_access(request, code):
        raise Http404("not found")

    checks = list(Check.objects.filter(project__owner__username=username))
    checks = list(Check.objects.filter(project__code=code))

    details = []
    for check in checks:
--- a/templates/front/my_checks_desktop.html
+++ b/templates/front/my_checks_desktop.html
@ -2,7 +2,7 @@
 <table
    id="checks-table"
    class="table"
    data-status-url="{% url 'hc-status' request.project.owner.username %}">
    data-status-url="{% url 'hc-status' request.project.code %}">
    <tr>
        <th></th>
        <th class="th-name">