nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
Browse Source

Read-only users cannot toggle channels on and off.

pull/419/head
Pēteris Caune 4 years ago
parent
024d0adb9c
commit
c9baa2d8eb
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
5 changed files with 13 additions and 3 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +8
    -0
      hc/front/tests/test_switch_channel.py
  2. +2
    -0
      hc/front/views.py
  3. +1
    -1
      static/css/details.css
  4. +1
    -1
      static/js/details.js
  5. +1
    -1
      templates/front/details.html

+ 8
- 0
hc/front/tests/test_switch_channel.py View File

@ -51,3 +51,11 @@ class SwitchChannelTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {"state": "on"}) r = self.client.post(self.url, {"state": "on"})
self.assertEqual(r.status_code, 200) self.assertEqual(r.status_code, 200)
def test_it_requires_rw_access(self):
self.bobs_membership.rw = False
self.bobs_membership.save()
self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {"state": "on"})
self.assertEqual(r.status_code, 403)

+ 2
- 0
hc/front/views.py View File

@ -230,6 +230,8 @@ def status(request, code):
@require_POST @require_POST
def switch_channel(request, code, channel_code): def switch_channel(request, code, channel_code):
check, rw = _get_check_for_user(request, code) check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
channel = get_object_or_404(Channel, code=channel_code) channel = get_object_or_404(Channel, code=channel_code)
if channel.project_id != check.project_id: if channel.project_id != check.project_id:


+ 1
- 1
static/css/details.css View File

@ -73,7 +73,7 @@
background: #22bc66; background: #22bc66;
} }
#details-integrations tr:hover th, #details-integrations tr:hover td {
#details-integrations.rw tr:hover th, #details-integrations.rw tr:hover td {
cursor: pointer; cursor: pointer;
background-color: #f5f5f5; background-color: #f5f5f5;
} }


+ 1
- 1
static/js/details.js View File

@ -59,7 +59,7 @@ $(function () {
}, 300); }, 300);
}); });
$("#details-integrations tr").click(function() {
$("#details-integrations.rw tr").click(function() {
var isOn = $(this).toggleClass("on").hasClass("on"); var isOn = $(this).toggleClass("on").hasClass("on");
$(".label", this).text(isOn ? "ON" : "OFF"); $(".label", this).text(isOn ? "ON" : "OFF");


+ 1
- 1
templates/front/details.html View File

@ -206,7 +206,7 @@
<div class="details-block"> <div class="details-block">
<h2>Notification Methods</h2> <h2>Notification Methods</h2>
{% if channels %} {% if channels %}
<table id="details-integrations" class="table">
<table id="details-integrations" class="table {% if rw %}rw{% endif %}">
{% for channel in channels %} {% for channel in channels %}
<tr data-url="{% url 'hc-switch-channel' check.code channel.code %}" {% if channel in enabled_channels %}class="on"{% endif %}> <tr data-url="{% url 'hc-switch-channel' check.code channel.code %}" {% if channel in enabled_channels %}class="on"{% endif %}>
<th> <th>


Write Preview
Loading…
Cancel
Save