
Read-only users cannot edit filtering rules.

pull/419/head
Pēteris Caune 4 years ago
parent
commit
cbd7ffbffb
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
4 changed files with 23 additions and 1 deletions
  1. +1
    -0
      hc/front/tests/test_details.py
  2. +17
    -1
      hc/front/tests/test_filtering_rules.py
  3. +3
    -0
      hc/front/views.py
  4. +2
    -0
      templates/front/details.html

+ 1
- 0
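--- a/hc/front/tests/test_details.py
+++ b/hc/front/tests/test_details.py
@@ -55,5 +55,6 @@ class DetailsTestCase(BaseTestCase):
 self.assertNotContains(r, "edit-name", status_code=200)
 self.assertNotContains(r, "edit-desc")
+self.assertNotContains(r, "Filtering Rules")
 self.assertNotContains(r, "pause-btn")
 self.assertNotContains(r, "Change Schedule")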

+ 17
- 1
hc/front/tests/test_filtering_rules.py View File

@ -20,7 +20,7 @@ class FilteringRulesTestCase(BaseTestCase):
} }
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, data=payload,)
r = self.client.post(self.url, data=payload)
self.assertRedirects(r, self.redirect_url) self.assertRedirects(r, self.redirect_url)
self.check.refresh_from_db() self.check.refresh_from_db()
@ -72,3 +72,19 @@ class FilteringRulesTestCase(BaseTestCase):
self.check.refresh_from_db() self.check.refresh_from_db()
self.assertFalse(self.check.manual_resume) self.assertFalse(self.check.manual_resume)
def test_it_requires_rw_access(self):
self.bobs_membership.rw = False
self.bobs_membership.save()
payload = {
"subject": "SUCCESS",
"subject_fail": "ERROR",
"methods": "POST",
"manual_resume": "1",
"filter_by_subject": "yes",
}
self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, payload)
self.assertEqual(r.status_code, 403)
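Review bot: test_it_requires_rw_access stops at the 403 status and never checks that the stored check was left unchanged, so it would still pass if a later refactor applied the form before rejecting the request. After the status assertion, add `self.check.refresh_from_db()` and an assertion on a field the payload tries to change, for example `self.assertFalse(self.check.manual_resume)`, assuming the fixture starts with it unset. That pins the property that matters for authorization: a read-only member's request has no effect on the data, not just a different status code.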

+ 3
- 0
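--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -362,6 +362,9 @@ def update_name(request, code):
 @login_required
 def filtering_rules(request, code):
 check, rw = _get_check_for_user(request, code)
+if not rw:
+return HttpResponseForbidden()
 form = forms.FilteringRulesForm(request.POST)
 if form.is_valid():
 check.subject = form.cleaned_data["subject"]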
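Review bot: The new `if not rw:` guard in filtering_rules is a check that each write view has to remember on its own, and this commit exists because one view did not have it. Since `_get_check_for_user` already returns `rw`, a small wrapper next to it that raises Django's `PermissionDenied` for read-only members would give write views the check by construction rather than by convention. At minimum the guard deserves a comment such as `# Read-only members may view this check but must not modify it.` The hunk shows only the top of filtering_rules, so whether the view is also restricted to POST cannot be confirmed from here.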


+ 2
- 0
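--- a/templates/front/details.html
+++ b/templates/front/details.html
@@ -95,10 +95,12 @@
 </p>
 </div>
 <div class="text-right">
+{% if rw %}
 <button
 data-toggle="modal"
 data-target="#filtering-rules-modal"
 class="btn btn-sm btn-default">Filtering Rules&hellip;</button>
+{% endif %}
 <button
 data-toggle="modal"
 data-target="#show-usage-modal"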
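Review bot: The `{% if rw %}` wrapper hides only the trigger button; the `#filtering-rules-modal` markup it targets is outside this hunk, and if it is still rendered for read-only members the form and its action URL stay in the page source. The server-side 403 added in the same commit is the actual control, so this is a consistency point rather than a hole. Wrapping the modal in the same `{% if rw %}` condition would keep the page from shipping a form the viewer cannot submit. A template comment such as `{# UI hint only; filtering_rules enforces rw on the server #}` would tell the next editor not to rely on the hidden button.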

