
The "Add Integration" pages require read-write access.

pull/419/head
Pēteris Caune 4 years ago
parent
commit
bdf99e0ea7
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
30 changed files with 301 additions and 59 deletions
  1. +8
    -0
      hc/front/tests/test_add_apprise.py
  2. +8
    -0
      hc/front/tests/test_add_call.py
  3. +8
    -0
      hc/front/tests/test_add_discord.py
  4. +8
    -0
      hc/front/tests/test_add_discord_complete.py
  5. +8
    -0
      hc/front/tests/test_add_email.py
  6. +9
    -0
      hc/front/tests/test_add_linenotify.py
  7. +8
    -1
      hc/front/tests/test_add_matrix.py
  8. +8
    -0
      hc/front/tests/test_add_mattermost.py
  9. +8
    -0
      hc/front/tests/test_add_msteams.py
  10. +8
    -0
      hc/front/tests/test_add_opsgenie.py
  11. +8
    -0
      hc/front/tests/test_add_pagertree.py
  12. +8
    -0
      hc/front/tests/test_add_pd.py
  13. +8
    -0
      hc/front/tests/test_add_pdc.py
  14. +12
    -0
      hc/front/tests/test_add_pdc_complete.py
  15. +8
    -0
      hc/front/tests/test_add_pushbullet.py
  16. +9
    -0
      hc/front/tests/test_add_pushbullet_complete.py
  17. +8
    -0
      hc/front/tests/test_add_pushover.py
  18. +8
    -0
      hc/front/tests/test_add_shell.py
  19. +8
    -0
      hc/front/tests/test_add_slack.py
  20. +8
    -0
      hc/front/tests/test_add_slack_btn.py
  21. +8
    -0
      hc/front/tests/test_add_slack_complete.py
  22. +8
    -0
      hc/front/tests/test_add_sms.py
  23. +8
    -0
      hc/front/tests/test_add_spike.py
  24. +11
    -0
      hc/front/tests/test_add_telegram.py
  25. +8
    -0
      hc/front/tests/test_add_trello.py
  26. +8
    -0
      hc/front/tests/test_add_victorops.py
  27. +8
    -0
      hc/front/tests/test_add_webhook.py
  28. +8
    -0
      hc/front/tests/test_add_whatsapp.py
  29. +8
    -0
      hc/front/tests/test_add_zulip.py
  30. +60
    -58
      hc/front/views.py

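--- a/hc/front/tests/test_add_apprise.py
+++ b/hc/front/tests/test_add_apprise.py
@@ -31,3 +31,11 @@ class AddAppriseTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)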

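--- a/hc/front/tests/test_add_call.py
+++ b/hc/front/tests/test_add_call.py
@@ -57,3 +57,11 @@ class AddCallTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)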

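--- a/hc/front/tests/test_add_discord.py
+++ b/hc/front/tests/test_add_discord.py
@@ -22,3 +22,11 @@ class AddDiscordTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)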

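--- a/hc/front/tests/test_add_discord_complete.py
+++ b/hc/front/tests/test_add_discord_complete.py
@@ -74,3 +74,11 @@ class AddDiscordCompleteTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url + "?code=12345678&state=bar")
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url + "?code=12345678&state=bar")
+self.assertEqual(r.status_code, 403)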
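Review bot: test_it_requires_rw_access never seeds `session["add_discord"]`, so it probably passes without ever reaching the new read-write check. In the hc/front/views.py section of this commit, add_discord_complete shows `return HttpResponseForbidden()` on the line just before `state, code = request.session.pop("add_discord")`; that looks like a missing-session guard (its condition is outside the visible hunk), and it would produce the 403 by itself. Seed the session first, the way test_add_pdc_complete.py does for "pd", for example `session = self.client.session`, `session["add_discord"] = ("bar", str(self.project.code))`, `session.save()` (constructed values; the pair shape is inferred from the `state, code = ...` unpacking). The same applies to test_it_requires_rw_access in test_add_pushbullet_complete.py and test_add_slack_complete.py, whose views show the same `HttpResponseForbidden()` line ahead of the session pop.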

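--- a/hc/front/tests/test_add_email.py
+++ b/hc/front/tests/test_add_email.py
@@ -112,3 +112,11 @@ class AddEmailTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "Please select at least one.")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)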
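Review bot: test_it_requires_rw_access only issues a GET, while the state-changing path of this page is the POST that the context lines above exercise (`self.client.post(self.url, form)`). In the views.py section add_email calls `_get_rw_project_for_user` before the `if request.method == "POST":` branch, so the GET covers it today, but the test would keep passing if the check were later moved into the GET branch only. I would also POST a valid form as the read-only member and assert that nothing was written, e.g. `r = self.client.post(self.url, form)`, `self.assertEqual(r.status_code, 403)`, `self.assertFalse(Channel.objects.exists())` (assuming Channel is imported in this file, as it is in test_add_linenotify.py). The same applies to the GET-only tests added for the other form-based pages whose views show a POST branch (webhook, shell, pd, pagertree, slack, mattermost, pushover, opsgenie).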

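--- a/hc/front/tests/test_add_linenotify.py
+++ b/hc/front/tests/test_add_linenotify.py
@@ -1,6 +1,7 @@
 from hc.api.models import Channel
 from hc.test import BaseTestCase
 class AddLineNotifyTestCase(BaseTestCase):
 url = "/integrations/add_linenotify/"
@@ -37,3 +38,11 @@ class AddLineNotifyTestCase(BaseTestCase):
 c = Channel.objects.get()
 self.assertEqual(c.value, "foo123")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)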

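--- a/hc/front/tests/test_add_matrix.py
+++ b/hc/front/tests/test_add_matrix.py
@@ -1,4 +1,3 @@
-from json import JSONDecodeError
 from unittest.mock import patch
 from django.test.utils import override_settings
@@ -49,3 +48,11 @@ class AddMatrixTestCase(BaseTestCase):
 self.assertContains(r, "Matrix server returned status code 429")
 self.assertFalse(Channel.objects.exists())
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)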

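--- a/hc/front/tests/test_add_mattermost.py
+++ b/hc/front/tests/test_add_mattermost.py
@@ -23,3 +23,11 @@ class AddMattermostTestCase(BaseTestCase):
 self.assertEqual(c.kind, "mattermost")
 self.assertEqual(c.value, "http://example.org")
 self.assertEqual(c.project, self.project)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)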

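--- a/hc/front/tests/test_add_msteams.py
+++ b/hc/front/tests/test_add_msteams.py
@@ -23,3 +23,11 @@ class AddMsTeamsTestCase(BaseTestCase):
 self.assertEqual(c.kind, "msteams")
 self.assertEqual(c.value, "https://example.com/foo")
 self.assertEqual(c.project, self.project)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)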

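--- a/hc/front/tests/test_add_opsgenie.py
+++ b/hc/front/tests/test_add_opsgenie.py
@@ -48,3 +48,11 @@ class AddOpsGenieTestCase(BaseTestCase):
 c = Channel.objects.get()
 payload = json.loads(c.value)
 self.assertEqual(payload["region"], "eu")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)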

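--- a/hc/front/tests/test_add_pagertree.py
+++ b/hc/front/tests/test_add_pagertree.py
@@ -30,3 +30,11 @@ class AddPagerTreeTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "Enter a valid URL")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)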

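--- a/hc/front/tests/test_add_pd.py
+++ b/hc/front/tests/test_add_pd.py
@@ -32,3 +32,11 @@ class AddPdTestCase(BaseTestCase):
 c = Channel.objects.get()
 self.assertEqual(c.value, "123456")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)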

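--- a/hc/front/tests/test_add_pdc.py
+++ b/hc/front/tests/test_add_pdc.py
@@ -30,3 +30,11 @@ class AddPdConnectTestCase(BaseTestCase):
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)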

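--- a/hc/front/tests/test_add_pdc_complete.py
+++ b/hc/front/tests/test_add_pdc_complete.py
@@ -24,3 +24,15 @@ class AddPdcCompleteTestCase(BaseTestCase):
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+session = self.client.session
+session["pd"] = "1234567890AB"
+session.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)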

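--- a/hc/front/tests/test_add_pushbullet.py
+++ b/hc/front/tests/test_add_pushbullet.py
@@ -22,3 +22,11 @@ class AddPushbulletTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)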

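--- a/hc/front/tests/test_add_pushbullet_complete.py
+++ b/hc/front/tests/test_add_pushbullet_complete.py
@@ -69,3 +69,12 @@ class AddPushbulletTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+url = self.url + "?code=12345678&state=bar&project=%s" % self.project.code
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(url)
+self.assertEqual(r.status_code, 403)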

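--- a/hc/front/tests/test_add_pushover.py
+++ b/hc/front/tests/test_add_pushover.py
@@ -79,3 +79,11 @@ class AddPushoverTestCase(BaseTestCase):
 params = "?pushover_user_key=a&state=INVALID&prio=0"
 r = self.client.get(self.url + params)
 self.assertEqual(r.status_code, 403)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)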

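--- a/hc/front/tests/test_add_shell.py
+++ b/hc/front/tests/test_add_shell.py
@@ -53,3 +53,11 @@ class AddShellTestCase(BaseTestCase):
 c = Channel.objects.get()
 self.assertEqual(c.cmd_down, "")
 self.assertEqual(c.cmd_up, "logger up")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)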

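--- a/hc/front/tests/test_add_slack.py
+++ b/hc/front/tests/test_add_slack.py
@@ -30,3 +30,11 @@ class AddSlackTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "Enter a valid URL")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)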

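--- a/hc/front/tests/test_add_slack_btn.py
+++ b/hc/front/tests/test_add_slack_btn.py
@@ -26,3 +26,11 @@ class AddSlackBtnTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)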

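--- a/hc/front/tests/test_add_slack_complete.py
+++ b/hc/front/tests/test_add_slack_complete.py
@@ -73,3 +73,11 @@ class AddSlackCompleteTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get("/integrations/add_slack_btn/?code=12345678&state=foo")
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get("/integrations/add_slack_btn/?code=12345678&state=foo")
+self.assertEqual(r.status_code, 403)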

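--- a/hc/front/tests/test_add_sms.py
+++ b/hc/front/tests/test_add_sms.py
@@ -57,3 +57,11 @@ class AddSmsTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)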

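--- a/hc/front/tests/test_add_spike.py
+++ b/hc/front/tests/test_add_spike.py
@@ -30,3 +30,11 @@ class AddSpikeTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "Enter a valid URL")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)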

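--- a/hc/front/tests/test_add_telegram.py
+++ b/hc/front/tests/test_add_telegram.py
@@ -90,3 +90,14 @@ class AddTelegramTestCase(BaseTestCase):
 else:
 # JSON decodes but message structure not recognized
 self.assertEqual(r.status_code, 200)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+payload = signing.dumps((123, "group", "My Group"))
+self.client.login(username="[email protected]", password="password")
+form = {"project": str(self.project.code)}
+r = self.client.post(self.url + "?" + payload, form)
+self.assertEqual(r.status_code, 403)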

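--- a/hc/front/tests/test_add_trello.py
+++ b/hc/front/tests/test_add_trello.py
@@ -42,3 +42,11 @@ class AddTrelloTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)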

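--- a/hc/front/tests/test_add_victorops.py
+++ b/hc/front/tests/test_add_victorops.py
@@ -30,3 +30,11 @@ class AddVictorOpsTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "Enter a valid URL")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)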

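--- a/hc/front/tests/test_add_webhook.py
+++ b/hc/front/tests/test_add_webhook.py
@@ -177,3 +177,11 @@ class AddWebhookTestCase(BaseTestCase):
 self.assertContains(r, "Enter a valid URL.")
 self.assertEqual(Channel.objects.count(), 0)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)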

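--- a/hc/front/tests/test_add_whatsapp.py
+++ b/hc/front/tests/test_add_whatsapp.py
@@ -70,3 +70,11 @@ class AddWhatsAppTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.get(self.url)
 self.assertEqual(r.status_code, 404)
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)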

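--- a/hc/front/tests/test_add_zulip.py
+++ b/hc/front/tests/test_add_zulip.py
@@ -78,3 +78,11 @@ class AddZulipTestCase(BaseTestCase):
 self.client.login(username="[email protected]", password="password")
 r = self.client.post(self.url, form)
 self.assertContains(r, "This field is required.")
+def test_it_requires_rw_access(self):
+self.bobs_membership.rw = False
+self.bobs_membership.save()
+self.client.login(username="[email protected]", password="password")
+r = self.client.get(self.url)
+self.assertEqual(r.status_code, 403)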

+ 60
- 58
hc/front/views.py View File

@ -10,6 +10,7 @@ from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.core import signing from django.core import signing
from django.core.exceptions import PermissionDenied
from django.db.models import Count from django.db.models import Count
from django.http import ( from django.http import (
Http404, Http404,
@ -96,6 +97,14 @@ def _get_check_for_user(request, code):
return check, membership.rw return check, membership.rw
def _get_rw_check_for_user(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
raise PermissionDenied
return check
def _get_channel_for_user(request, code): def _get_channel_for_user(request, code):
""" Return specified channel if current user has access to it. """ """ Return specified channel if current user has access to it. """
@ -123,9 +132,20 @@ def _get_project_for_user(request, project_code):
return project, True return project, True
membership = get_object_or_404(Member, project=project, user=request.user) membership = get_object_or_404(Member, project=project, user=request.user)
return project, membership.rw return project, membership.rw
def _get_rw_project_for_user(request, project_code):
""" Check access, return (project, rw) tuple. """
project, rw = _get_project_for_user(request, project_code)
if not rw:
raise PermissionDenied
return project
def _refresh_last_active_date(profile): def _refresh_last_active_date(profile):
""" Update last_active_date if it is more than a day old. """ """ Update last_active_date if it is more than a day old. """
@ -229,9 +249,7 @@ def status(request, code):
@login_required @login_required
@require_POST @require_POST
def switch_channel(request, code, channel_code): def switch_channel(request, code, channel_code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
channel = get_object_or_404(Channel, code=channel_code) channel = get_object_or_404(Channel, code=channel_code)
if channel.project_id != check.project_id: if channel.project_id != check.project_id:
@ -324,10 +342,7 @@ def docs_cron(request):
@require_POST @require_POST
@login_required @login_required
def add_check(request, code): def add_check(request, code):
project, rw = _get_project_for_user(request, code)
if not rw:
return HttpResponseForbidden()
project = _get_rw_project_for_user(request, code)
if project.num_checks_available() <= 0: if project.num_checks_available() <= 0:
return HttpResponseBadRequest() return HttpResponseBadRequest()
@ -343,9 +358,7 @@ def add_check(request, code):
@require_POST @require_POST
@login_required @login_required
def update_name(request, code): def update_name(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
form = forms.NameTagsForm(request.POST) form = forms.NameTagsForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -363,9 +376,7 @@ def update_name(request, code):
@require_POST @require_POST
@login_required @login_required
def filtering_rules(request, code): def filtering_rules(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
form = forms.FilteringRulesForm(request.POST) form = forms.FilteringRulesForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -381,9 +392,7 @@ def filtering_rules(request, code):
@require_POST @require_POST
@login_required @login_required
def update_timeout(request, code): def update_timeout(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
kind = request.POST.get("kind") kind = request.POST.get("kind")
if kind == "simple": if kind == "simple":
@ -468,9 +477,7 @@ def ping_details(request, code, n=None):
@require_POST @require_POST
@login_required @login_required
def pause(request, code): def pause(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
check.status = "paused" check.status = "paused"
check.last_start = None check.last_start = None
@ -501,9 +508,7 @@ def resume(request, code):
@require_POST @require_POST
@login_required @login_required
def remove_check(request, code): def remove_check(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
project = check.project project = check.project
check.delete() check.delete()
@ -583,12 +588,10 @@ def details(request, code):
@login_required @login_required
def transfer(request, code): def transfer(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
if request.method == "POST": if request.method == "POST":
target_project, rw = _get_project_for_user(request, request.POST["project"])
target_project = _get_rw_project_for_user(request, request.POST["project"])
if target_project.num_checks_available() <= 0: if target_project.num_checks_available() <= 0:
return HttpResponseBadRequest() return HttpResponseBadRequest()
@ -606,9 +609,7 @@ def transfer(request, code):
@require_POST @require_POST
@login_required @login_required
def copy(request, code): def copy(request, code):
check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check = _get_rw_check_for_user(request, code)
if check.project.num_checks_available() <= 0: if check.project.num_checks_available() <= 0:
return HttpResponseBadRequest() return HttpResponseBadRequest()
@ -854,7 +855,7 @@ def remove_channel(request, code):
@login_required @login_required
def add_email(request, code): def add_email(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddEmailForm(request.POST) form = forms.AddEmailForm(request.POST)
@ -899,7 +900,7 @@ def add_email(request, code):
@login_required @login_required
def add_webhook(request, code): def add_webhook(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.WebhookForm(request.POST) form = forms.WebhookForm(request.POST)
@ -961,7 +962,7 @@ def edit_webhook(request, code):
@require_setting("SHELL_ENABLED") @require_setting("SHELL_ENABLED")
@login_required @login_required
def add_shell(request, code): def add_shell(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddShellForm(request.POST) form = forms.AddShellForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -984,7 +985,7 @@ def add_shell(request, code):
@login_required @login_required
def add_pd(request, code): def add_pd(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddPdForm(request.POST) form = forms.AddPdForm(request.POST)
@ -1011,7 +1012,7 @@ def pdc_help(request):
@require_setting("PD_VENDOR_KEY") @require_setting("PD_VENDOR_KEY")
@login_required @login_required
def add_pdc(request, code): def add_pdc(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
state = token_urlsafe() state = token_urlsafe()
callback = settings.SITE_ROOT + reverse( callback = settings.SITE_ROOT + reverse(
@ -1032,7 +1033,7 @@ def add_pdc_complete(request, code, state):
if "pd" not in request.session: if "pd" not in request.session:
return HttpResponseBadRequest() return HttpResponseBadRequest()
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
session_state = request.session.pop("pd") session_state = request.session.pop("pd")
if session_state != state: if session_state != state:
@ -1057,7 +1058,7 @@ def add_pdc_complete(request, code, state):
@login_required @login_required
def add_pagertree(request, code): def add_pagertree(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1077,7 +1078,7 @@ def add_pagertree(request, code):
@login_required @login_required
def add_slack(request, code): def add_slack(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1108,7 +1109,7 @@ def slack_help(request):
@require_setting("SLACK_CLIENT_ID") @require_setting("SLACK_CLIENT_ID")
@login_required @login_required
def add_slack_btn(request, code): def add_slack_btn(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
state = token_urlsafe() state = token_urlsafe()
authorize_url = "https://slack.com/oauth/v2/authorize?" + urlencode( authorize_url = "https://slack.com/oauth/v2/authorize?" + urlencode(
@ -1136,7 +1137,7 @@ def add_slack_complete(request):
return HttpResponseForbidden() return HttpResponseForbidden()
state, code = request.session.pop("add_slack") state, code = request.session.pop("add_slack")
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.GET.get("error") == "access_denied": if request.GET.get("error") == "access_denied":
messages.warning(request, "Slack setup was cancelled.") messages.warning(request, "Slack setup was cancelled.")
return redirect("hc-p-channels", project.code) return redirect("hc-p-channels", project.code)
@ -1169,7 +1170,7 @@ def add_slack_complete(request):
@login_required @login_required
def add_mattermost(request, code): def add_mattermost(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1190,7 +1191,7 @@ def add_mattermost(request, code):
@require_setting("PUSHBULLET_CLIENT_ID") @require_setting("PUSHBULLET_CLIENT_ID")
@login_required @login_required
def add_pushbullet(request, code): def add_pushbullet(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
redirect_uri = settings.SITE_ROOT + reverse("hc-add-pushbullet-complete") redirect_uri = settings.SITE_ROOT + reverse("hc-add-pushbullet-complete")
state = token_urlsafe() state = token_urlsafe()
@ -1220,7 +1221,7 @@ def add_pushbullet_complete(request):
return HttpResponseForbidden() return HttpResponseForbidden()
state, code = request.session.pop("add_pushbullet") state, code = request.session.pop("add_pushbullet")
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.GET.get("error") == "access_denied": if request.GET.get("error") == "access_denied":
messages.warning(request, "Pushbullet setup was cancelled.") messages.warning(request, "Pushbullet setup was cancelled.")
@ -1255,7 +1256,7 @@ def add_pushbullet_complete(request):
@require_setting("DISCORD_CLIENT_ID") @require_setting("DISCORD_CLIENT_ID")
@login_required @login_required
def add_discord(request, code): def add_discord(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
redirect_uri = settings.SITE_ROOT + reverse("hc-add-discord-complete") redirect_uri = settings.SITE_ROOT + reverse("hc-add-discord-complete")
state = token_urlsafe() state = token_urlsafe()
auth_url = "https://discordapp.com/api/oauth2/authorize?" + urlencode( auth_url = "https://discordapp.com/api/oauth2/authorize?" + urlencode(
@ -1281,7 +1282,7 @@ def add_discord_complete(request):
return HttpResponseForbidden() return HttpResponseForbidden()
state, code = request.session.pop("add_discord") state, code = request.session.pop("add_discord")
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.GET.get("error") == "access_denied": if request.GET.get("error") == "access_denied":
messages.warning(request, "Discord setup was cancelled.") messages.warning(request, "Discord setup was cancelled.")
@ -1324,7 +1325,7 @@ def pushover_help(request):
@require_setting("PUSHOVER_API_TOKEN") @require_setting("PUSHOVER_API_TOKEN")
@login_required @login_required
def add_pushover(request, code): def add_pushover(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
state = token_urlsafe() state = token_urlsafe()
@ -1389,7 +1390,7 @@ def add_pushover(request, code):
@login_required @login_required
def add_opsgenie(request, code): def add_opsgenie(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddOpsGenieForm(request.POST) form = forms.AddOpsGenieForm(request.POST)
@ -1410,7 +1411,7 @@ def add_opsgenie(request, code):
@login_required @login_required
def add_victorops(request, code): def add_victorops(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1430,7 +1431,7 @@ def add_victorops(request, code):
@login_required @login_required
def add_zulip(request, code): def add_zulip(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddZulipForm(request.POST) form = forms.AddZulipForm(request.POST)
@ -1498,7 +1499,7 @@ def add_telegram(request):
return render(request, "bad_link.html") return render(request, "bad_link.html")
if request.method == "POST": if request.method == "POST":
project, rw = _get_project_for_user(request, request.POST.get("project"))
project = _get_rw_project_for_user(request, request.POST.get("project"))
channel = Channel(project=project, kind="telegram") channel = Channel(project=project, kind="telegram")
channel.value = json.dumps( channel.value = json.dumps(
{"id": chat_id, "type": chat_type, "name": chat_name} {"id": chat_id, "type": chat_type, "name": chat_name}
@ -1524,7 +1525,7 @@ def add_telegram(request):
@require_setting("TWILIO_AUTH") @require_setting("TWILIO_AUTH")
@login_required @login_required
def add_sms(request, code): def add_sms(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddSmsForm(request.POST) form = forms.AddSmsForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -1550,7 +1551,7 @@ def add_sms(request, code):
@require_setting("TWILIO_AUTH") @require_setting("TWILIO_AUTH")
@login_required @login_required
def add_call(request, code): def add_call(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddSmsForm(request.POST) form = forms.AddSmsForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -1576,7 +1577,7 @@ def add_call(request, code):
@require_setting("TWILIO_USE_WHATSAPP") @require_setting("TWILIO_USE_WHATSAPP")
@login_required @login_required
def add_whatsapp(request, code): def add_whatsapp(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddSmsForm(request.POST) form = forms.AddSmsForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -1608,7 +1609,7 @@ def add_whatsapp(request, code):
@require_setting("TRELLO_APP_KEY") @require_setting("TRELLO_APP_KEY")
@login_required @login_required
def add_trello(request, code): def add_trello(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
channel = Channel(project=project, kind="trello") channel = Channel(project=project, kind="trello")
channel.value = request.POST["settings"] channel.value = request.POST["settings"]
@ -1641,7 +1642,7 @@ def add_trello(request, code):
@require_setting("MATRIX_ACCESS_TOKEN") @require_setting("MATRIX_ACCESS_TOKEN")
@login_required @login_required
def add_matrix(request, code): def add_matrix(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddMatrixForm(request.POST) form = forms.AddMatrixForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -1673,7 +1674,8 @@ def add_matrix(request, code):
@require_setting("APPRISE_ENABLED") @require_setting("APPRISE_ENABLED")
@login_required @login_required
def add_apprise(request, code): def add_apprise(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddAppriseForm(request.POST) form = forms.AddAppriseForm(request.POST)
if form.is_valid(): if form.is_valid():
@ -1714,7 +1716,7 @@ def trello_settings(request):
@login_required @login_required
def add_msteams(request, code): def add_msteams(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1787,7 +1789,7 @@ def metrics(request, code, key):
@login_required @login_required
def add_spike(request, code): def add_spike(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddUrlForm(request.POST) form = forms.AddUrlForm(request.POST)
@ -1807,7 +1809,7 @@ def add_spike(request, code):
@login_required @login_required
def add_linenotify(request, code): def add_linenotify(request, code):
project, rw = _get_project_for_user(request, code)
project = _get_rw_project_for_user(request, code)
if request.method == "POST": if request.method == "POST":
form = forms.AddLineNotifyForm(request.POST) form = forms.AddLineNotifyForm(request.POST)

