0002-dashboard-don-t-allow-GET-request-to-autotile-45053.patch
| combo/apps/dashboard/views.py | ||
|---|---|---|
| 21 | 21 |
from django.core.exceptions import PermissionDenied |
| 22 | 22 |
from django.urls import reverse |
| 23 | 23 |
from django.db.models import Max, Min |
| 24 |
from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseRedirect |
|
| 24 |
from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseRedirect, HttpResponseNotAllowed
|
|
| 25 | 25 |
from django.utils.encoding import force_text |
| 26 | 26 |
from django.views.decorators.csrf import csrf_exempt |
| 27 | 27 |
from django.views.generic import View |
| ... | ... | |
| 111 | 111 | |
| 112 | 112 |
@csrf_exempt |
| 113 | 113 |
def dashboard_auto_tile(request, *args, **kwargs): |
| 114 |
if request.method != 'POST': |
|
| 115 |
return HttpResponseNotAllowed(['post']) |
|
| 116 | ||
| 114 | 117 |
dashboard = DashboardCell.objects.all()[0] |
| 115 | 118 |
cell = ConfigJsonCell(key=kwargs.get('key'), order=1,
|
| 116 | 119 |
page_id=dashboard.page_id, placeholder='_auto_tile') |
| tests/test_dashboard.py | ||
|---|---|---|
| 214 | 214 |
params=json.dumps({'var2': 'two'}),
|
| 215 | 215 |
content_type='application/json', status=400) |
| 216 | 216 | |
| 217 |
# and with a GET instead of POST |
|
| 218 |
resp = app.get(reverse('combo-dashboard-auto-tile', kwargs={'key': 'test-config-json-cell'}),
|
|
| 219 |
status=405) |
|
| 220 | ||
| 217 | 221 | |
| 218 | 222 |
def test_clean_autotiles(app, site): |
| 219 | 223 |
appconfig = apps.get_app_config('dashboard')
|
| 220 |
- |
|