diff --git a/hc/front/tests/test_status.py b/hc/front/tests/test_status.py index 7bf78907..1c9a5ead 100644 --- a/hc/front/tests/test_status.py +++ b/hc/front/tests/test_status.py @@ -10,9 +10,11 @@ class MyChecksTestCase(BaseTestCase): self.check.tags = "foo" self.check.save() + self.url = "/projects/%s/checks/status/" % self.project.code + def test_it_works(self): self.client.login(username="alice@example.org", password="password") - r = self.client.get("/teams/alice/checks/status/") + r = self.client.get(self.url) self.assertEqual(r.status_code, 200) doc = r.json() @@ -28,7 +30,7 @@ class MyChecksTestCase(BaseTestCase): self.bobs_profile.save() self.client.login(username="bob@example.org", password="password") - r = self.client.get("/teams/alice/checks/status/") + r = self.client.get(self.url) self.assertEqual(r.status_code, 200) def test_it_checks_ownership(self): @@ -36,5 +38,5 @@ class MyChecksTestCase(BaseTestCase): self.bobs_profile.save() self.client.login(username="charlie@example.org", password="password") - r = self.client.get("/teams/alice/checks/status/") + r = self.client.get(self.url) self.assertEqual(r.status_code, 404) diff --git a/hc/front/urls.py b/hc/front/urls.py index 6aea4edc..873fd084 100644 --- a/hc/front/urls.py +++ b/hc/front/urls.py @@ -51,7 +51,7 @@ urlpatterns = [ path('checks/', views.my_checks, name="hc-checks"), path('checks/add/', views.add_check, name="hc-add-check"), path('checks/cron_preview/', views.cron_preview), - path('teams//checks/status/', views.status, name="hc-status"), + path('projects//checks/status/', views.status, name="hc-status"), path('checks//', include(check_urls)), path('integrations/', include(channel_urls)), diff --git a/hc/front/views.py b/hc/front/views.py index 8057e93b..22b0a12f 100644 --- a/hc/front/views.py +++ b/hc/front/views.py 
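Review bot: The tests in this file only exercise logged-in users (owner, team member, outsider), so nothing pins how the new project-scoped URL behaves for an anonymous client or for a code that belongs to no project. `status` sits behind `@login_required` and `_has_access` now decides access from the code in the URL, so both paths are worth a test. I would add one that requests `self.url` without logging in and asserts the redirect, `self.assertEqual(r.status_code, 302)`, and one that logs in as alice, requests a code that matches no project, and asserts 404. The test class starts before the first hunk, so `setUp` is only partly visible here.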
@@ -7,7 +7,7 @@ from django.conf import settings from django.contrib import messages from django.contrib.auth.decorators import login_required from django.core import signing -from django.db.models import Count +from django.db.models import Count, Q from django.http import (Http404, HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, JsonResponse) from django.shortcuts import get_object_or_404, redirect, render @@ -17,6 +17,7 @@ from django.utils import timezone from django.utils.crypto import get_random_string from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_POST +from hc.accounts.models import Project from hc.api.models import (DEFAULT_GRACE, DEFAULT_TIMEOUT, Channel, Check, Ping, Notification) from hc.api.transports import Telegram @@ -78,17 +79,16 @@ def _get_check_for_user(request, code): raise Http404("not found") -def _has_access(request, username): +def _has_access(request, project_code): """ Return true if current user has access to the specified account. """ - if request.user.username == username: - return True - if request.user.is_superuser: return True - q = request.user.memberships - return q.filter(project__owner__username=username).exists() + is_owner = Q(owner_id=request.user.id) + is_member = Q(member__user_id=request.user.id) + projects = Project.objects.filter(is_owner | is_member) + return projects.filter(code=project_code).exists() @login_required @@ -144,11 +144,11 @@ def my_checks(request): @login_required -def status(request, username): - if not _has_access(request, username): +def status(request, code): + if not _has_access(request, code): raise Http404("not found") - checks = list(Check.objects.filter(project__owner__username=username)) + checks = list(Check.objects.filter(project__code=code)) details = [] for check in checks: diff --git a/templates/front/my_checks_desktop.html b/templates/front/my_checks_desktop.html index f94eefab..e43883db 100644 
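Review bot: The superuser branch in `_has_access` returns True before the project code is looked up, so for a superuser a code that matches no project passes the check, while every other user gets the 404. In that case the `status` hunk goes on to query `Check.objects.filter(project__code=code)` and works from an empty list. If that difference is not intended, resolve the code in that branch as well, e.g. `if request.user.is_superuser: return Project.objects.filter(code=project_code).exists()`. The docstring still says "specified account" and should name the project instead, e.g. `""" Return True if the current user owns or is a member of the project with this code. """`. `status` continues past the end of its hunk, so what it returns for an empty list is inferred rather than visible.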
--- a/templates/front/my_checks_desktop.html +++ b/templates/front/my_checks_desktop.html @@ -2,7 +2,7 @@ + data-status-url="{% url 'hc-status' request.project.code %}">