0002-dashboard-don-t-allow-GET-request-to-autotile-45053.patch
combo/apps/dashboard/views.py | ||
---|---|---|
21 | 21 |
from django.core.exceptions import PermissionDenied |
22 | 22 |
from django.urls import reverse |
23 | 23 |
from django.db.models import Max, Min |
24 |
from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseRedirect |
|
24 |
from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseRedirect, HttpResponseNotAllowed
|
|
25 | 25 |
from django.utils.encoding import force_text |
26 | 26 |
from django.views.decorators.csrf import csrf_exempt |
27 | 27 |
from django.views.generic import View |
... | ... | |
111 | 111 | |
112 | 112 |
@csrf_exempt |
113 | 113 |
def dashboard_auto_tile(request, *args, **kwargs): |
114 |
if request.method != 'POST': |
|
115 |
return HttpResponseNotAllowed(['post']) |
|
116 | ||
114 | 117 |
dashboard = DashboardCell.objects.all()[0] |
115 | 118 |
cell = ConfigJsonCell(key=kwargs.get('key'), order=1, |
116 | 119 |
page_id=dashboard.page_id, placeholder='_auto_tile') |
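Review bot: The 405 response at new line 115 passes `['post']`, and Django joins that list verbatim into the `Allow` header; HTTP method tokens are case-sensitive, so it should read `return HttpResponseNotAllowed(['POST'])`. Alternatively the manual check can be replaced by `@require_POST` from `django.views.decorators.http`, placed under `@csrf_exempt`. The view keeps `@csrf_exempt` and goes on to build a `ConfigJsonCell`, so limiting it to POST stops GET-triggered calls but not a cross-site form POST. If the endpoint is reached with a session cookie, it is worth confirming the exemption is still needed; any authentication check would lie outside this hunk, since the function body continues past it. A short comment above the check, such as `# state-changing view: reject anything but POST`, would record why the guard exists.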
tests/test_dashboard.py | ||
---|---|---|
214 | 214 |
params=json.dumps({'var2': 'two'}), |
215 | 215 |
content_type='application/json', status=400) |
216 | 216 | |
217 |
# and with a GET instead of POST |
|
218 |
resp = app.get(reverse('combo-dashboard-auto-tile', kwargs={'key': 'test-config-json-cell'}), |
|
219 |
status=405) |
|
220 | ||
217 | 221 | |
218 | 222 |
def test_clean_autotiles(app, site): |
219 | 223 |
appconfig = apps.get_app_config('dashboard') |
220 |
- |