nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
Browse Source

front.views.status uses project_id not user.username

pull/214/head
Pēteris Caune 6 years ago
parent
8eedf9d47b
commit
64158c83a8
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
4 changed files with 17 additions and 15 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -3
      hc/front/tests/test_status.py
  2. +1
    -1
      hc/front/urls.py
  3. +10
    -10
      hc/front/views.py
  4. +1
    -1
      templates/front/my_checks_desktop.html

+ 5
- 3
hc/front/tests/test_status.py View File

@ -10,9 +10,11 @@ class MyChecksTestCase(BaseTestCase):
self.check.tags = "foo" self.check.tags = "foo"
self.check.save() self.check.save()
self.url = "/projects/%s/checks/status/" % self.project.code
def test_it_works(self): def test_it_works(self):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.get("/teams/alice/checks/status/")
r = self.client.get(self.url)
self.assertEqual(r.status_code, 200) self.assertEqual(r.status_code, 200)
doc = r.json() doc = r.json()
@ -28,7 +30,7 @@ class MyChecksTestCase(BaseTestCase):
self.bobs_profile.save() self.bobs_profile.save()
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.get("/teams/alice/checks/status/")
r = self.client.get(self.url)
self.assertEqual(r.status_code, 200) self.assertEqual(r.status_code, 200)
def test_it_checks_ownership(self): def test_it_checks_ownership(self):
@ -36,5 +38,5 @@ class MyChecksTestCase(BaseTestCase):
self.bobs_profile.save() self.bobs_profile.save()
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.get("/teams/alice/checks/status/")
r = self.client.get(self.url)
self.assertEqual(r.status_code, 404) self.assertEqual(r.status_code, 404)

+ 1
- 1
hc/front/urls.py View File

@ -51,7 +51,7 @@ urlpatterns = [
path('checks/', views.my_checks, name="hc-checks"), path('checks/', views.my_checks, name="hc-checks"),
path('checks/add/', views.add_check, name="hc-add-check"), path('checks/add/', views.add_check, name="hc-add-check"),
path('checks/cron_preview/', views.cron_preview), path('checks/cron_preview/', views.cron_preview),
path('teams/<str:username>/checks/status/', views.status, name="hc-status"),
path('projects/<uuid:code>/checks/status/', views.status, name="hc-status"),
path('checks/<uuid:code>/', include(check_urls)), path('checks/<uuid:code>/', include(check_urls)),
path('integrations/', include(channel_urls)), path('integrations/', include(channel_urls)),


+ 10
- 10
hc/front/views.py View File

@ -7,7 +7,7 @@ from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.core import signing from django.core import signing
from django.db.models import Count
from django.db.models import Count, Q
from django.http import (Http404, HttpResponse, HttpResponseBadRequest, from django.http import (Http404, HttpResponse, HttpResponseBadRequest,
HttpResponseForbidden, JsonResponse) HttpResponseForbidden, JsonResponse)
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
@ -17,6 +17,7 @@ from django.utils import timezone
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST from django.views.decorators.http import require_POST
from hc.accounts.models import Project
from hc.api.models import (DEFAULT_GRACE, DEFAULT_TIMEOUT, Channel, Check, from hc.api.models import (DEFAULT_GRACE, DEFAULT_TIMEOUT, Channel, Check,
Ping, Notification) Ping, Notification)
from hc.api.transports import Telegram from hc.api.transports import Telegram
@ -78,17 +79,16 @@ def _get_check_for_user(request, code):
raise Http404("not found") raise Http404("not found")
def _has_access(request, username):
def _has_access(request, project_code):
""" Return true if current user has access to the specified account. """ """ Return true if current user has access to the specified account. """
if request.user.username == username:
return True
if request.user.is_superuser: if request.user.is_superuser:
return True return True
q = request.user.memberships
return q.filter(project__owner__username=username).exists()
is_owner = Q(owner_id=request.user.id)
is_member = Q(member__user_id=request.user.id)
projects = Project.objects.filter(is_owner | is_member)
return projects.filter(code=project_code).exists()
@login_required @login_required
@ -144,11 +144,11 @@ def my_checks(request):
@login_required @login_required
def status(request, username):
if not _has_access(request, username):
def status(request, code):
if not _has_access(request, code):
raise Http404("not found") raise Http404("not found")
checks = list(Check.objects.filter(project__owner__username=username))
checks = list(Check.objects.filter(project__code=code))
details = [] details = []
for check in checks: for check in checks:


+ 1
- 1
templates/front/my_checks_desktop.html View File

@ -2,7 +2,7 @@
<table <table
id="checks-table" id="checks-table"
class="table" class="table"
data-status-url="{% url 'hc-status' request.project.owner.username %}">
data-status-url="{% url 'hc-status' request.project.code %}">
<tr> <tr>
<th></th> <th></th>
<th class="th-name"> <th class="th-name">


Write Preview
Loading…
Cancel
Save