harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Read-only users cannot add checks.

Browse Source 
Read-only users cannot pause checks.
This commit is contained in:
Pēteris Caune 2020-08-26 12:29:03 +03:00
parent 00790dc33c
commit 11d8e6197c
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
8 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hc/front/tests/test_add_check.py
View File

@ -32,6 +32,14 @@ class AddCheckTestCase(BaseTestCase):
r = self.client.get(self.url) r = self.client.get(self.url)
self.assertEqual(r.status_code, 405) self.assertEqual(r.status_code, 405)
def test_it_requires_rw_access(self):
self.bobs_membership.rw = False
self.bobs_membership.save()
self.client.login(username="bob@example.org", password="password")
r = self.client.post(self.url)
self.assertEqual(r.status_code, 403)
def test_it_obeys_check_limit(self): def test_it_obeys_check_limit(self):
self.profile.check_limit = 0 self.profile.check_limit = 0
self.profile.save() self.profile.save()

1
hc/front/tests/test_details.py
View File

@ -55,4 +55,5 @@ class DetailsTestCase(BaseTestCase):
self.assertNotContains(r, "edit-name", status_code=200) self.assertNotContains(r, "edit-name", status_code=200)
self.assertNotContains(r, "edit-desc") self.assertNotContains(r, "edit-desc")
self.assertNotContains(r, "pause-btn")
self.assertNotContains(r, "Change Schedule") self.assertNotContains(r, "Change Schedule")

14
hc/front/tests/test_my_checks.py
View File

@ -17,6 +17,8 @@ class MyChecksTestCase(BaseTestCase):
self.client.login(username=email, password="password") self.client.login(username=email, password="password")
r = self.client.get(self.url) r = self.client.get(self.url)
self.assertContains(r, "Alice Was Here", status_code=200) self.assertContains(r, "Alice Was Here", status_code=200)
# The pause button:
self.assertContains(r, "btn btn-default pause", status_code=200)
# last_active_date should have been set # last_active_date should have been set
self.profile.refresh_from_db() self.profile.refresh_from_db()
@ -125,3 +127,15 @@ class MyChecksTestCase(BaseTestCase):
self.client.login(username="alice@example.org", password="password") self.client.login(username="alice@example.org", password="password")
r = self.client.get(self.url) r = self.client.get(self.url)
self.assertContains(r, """<div class="btn btn-xs grace ">foo</div>""") self.assertContains(r, """<div class="btn btn-xs grace ">foo</div>""")
def test_it_hides_actions_from_readonly_users(self):
self.bobs_membership.rw = False
self.bobs_membership.save()
self.client.login(username="bob@example.org", password="password")
r = self.client.get(self.url)
self.assertNotContains(r, "Add Check", status_code=200)
# The pause button:
self.assertNotContains(r, "btn btn-default pause", status_code=200)

8
hc/front/tests/test_pause.py
View File

@ -46,3 +46,11 @@ class PauseTestCase(BaseTestCase):
self.client.login(username="alice@example.org", password="password") self.client.login(username="alice@example.org", password="password")
r = self.client.post(self.url, HTTP_X_REQUESTED_WITH="XMLHttpRequest") r = self.client.post(self.url, HTTP_X_REQUESTED_WITH="XMLHttpRequest")
self.assertEqual(r.status_code, 200) self.assertEqual(r.status_code, 200)
def test_it_requires_rw_access(self):
self.bobs_membership.rw = False
self.bobs_membership.save()
self.client.login(username="bob@example.org", password="password")
r = self.client.post(self.url)
self.assertEqual(r.status_code, 403)

5
hc/front/views.py
View File

@ -323,6 +323,9 @@ def docs_cron(request):
@login_required @login_required
def add_check(request, code): def add_check(request, code):
project, rw = _get_project_for_user(request, code) project, rw = _get_project_for_user(request, code)
if not rw:
return HttpResponseForbidden()
if project.num_checks_available() <= 0: if project.num_checks_available() <= 0:
return HttpResponseBadRequest() return HttpResponseBadRequest()
@ -461,6 +464,8 @@ def ping_details(request, code, n=None):
@login_required @login_required
def pause(request, code): def pause(request, code):
check, rw = _get_check_for_user(request, code) check, rw = _get_check_for_user(request, code)
if not rw:
return HttpResponseForbidden()
check.status = "paused" check.status = "paused"
check.last_start = None check.last_start = None

2
templates/front/details.html
View File

@ -129,6 +129,7 @@
</tr> </tr>
</table> </table>
<div class="text-right"> <div class="text-right">
{% if rw %}
<form action="{% url 'hc-pause' check.code %}" method="post"> <form action="{% url 'hc-pause' check.code %}" method="post">
{% csrf_token %} {% csrf_token %}
<input <input
@ -137,6 +138,7 @@
{% if check.status == "paused" %}disabled{% endif %} {% if check.status == "paused" %}disabled{% endif %}
class="btn btn-sm btn-default" value="Pause" /> class="btn btn-sm btn-default" value="Pause" />
</form> </form>
{% endif %}
<button <button
id="ping-now" id="ping-now"

3
templates/front/my_checks.html
View File

@ -32,6 +32,8 @@
{% endif %} {% endif %}
</div> </div>
</div> </div>
{% if rw %}
<div id="my-checks-bottom-actions" class="row"> <div id="my-checks-bottom-actions" class="row">
<div class="col-sm-12"> <div class="col-sm-12">
{% if num_available > 0 %} {% if num_available > 0 %}
@ -57,6 +59,7 @@
{% endif %} {% endif %}
</div> </div>
</div> </div>
{% endif %}
{% include "front/update_name_modal.html" %} {% include "front/update_name_modal.html" %}
{% include "front/update_timeout_modal.html" %} {% include "front/update_timeout_modal.html" %}

2
templates/front/my_checks_desktop.html
View File

@ -126,9 +126,11 @@
</div> </div>
</td> </td>
<td class="actions"> <td class="actions">
{% if rw %}
<button class="btn btn-default pause" type="button"> <button class="btn btn-default pause" type="button">
<span class="icon-paused" /> <span class="icon-paused" />
</button> </button>
{% endif %}
<button title="Show Details" class="btn btn-default show-log" type="button"> <button title="Show Details" class="btn btn-default show-log" type="button">
<span class="icon-dots" /> <span class="icon-dots" />