0001-search-return-404-if-cell-does-not-exist-49876.patch
combo/apps/search/models.py | ||
---|---|---|
24 | 24 |
from django.core.exceptions import PermissionDenied |
25 | 25 |
from django.utils.functional import cached_property |
26 | 26 |
from django.utils.http import quote |
27 |
from django.shortcuts import get_object_or_404 |
|
27 | 28 |
from django.template import RequestContext, Template |
28 | 29 | |
29 | 30 |
from jsonfield import JSONField |
... | ... | |
172 | 173 | |
173 | 174 |
@classmethod |
174 | 175 |
def ajax_results_view(cls, request, cell_pk, service_slug): |
175 |
cell = cls.objects.get(pk=cell_pk)
|
|
176 |
cell = get_object_or_404(cls, pk=cell_pk)
|
|
176 | 177 |
if not cell.is_visible(user=request.user) or not cell.page.is_visible(request.user): |
177 | 178 |
raise PermissionDenied |
178 | 179 |
tests/test_search.py | ||
---|---|---|
57 | 57 | |
58 | 58 | |
59 | 59 |
def test_search_cell(app): |
60 |
with SearchServices(SEARCH_SERVICES): |
|
61 |
page = Page(title='Search', slug='search_page', template_name='standard') |
|
62 |
page.save() |
|
60 |
page = Page(title='Search', slug='search_page', template_name='standard') |
|
61 |
page.save() |
|
63 | 62 | |
64 |
cell = SearchCell(page=page, placeholder='content', order=0)
|
|
65 |
cell._search_services = {'data': ['search1']}
|
|
66 |
cell.input_placeholder = 'my placeholder'
|
|
67 |
cell.save()
|
|
63 |
cell = SearchCell(page=page, placeholder='content', order=0) |
|
64 |
cell._search_services = {'data': ['search1']} |
|
65 |
cell.input_placeholder = 'my placeholder' |
|
66 |
cell.save() |
|
68 | 67 | |
68 |
# unknown cell pk |
|
69 |
resp = app.get('/ajax/search/0/search1/?q=foo', status=404) |
|
70 | ||
71 |
with SearchServices(SEARCH_SERVICES): |
|
69 | 72 |
resp = cell.render({}) |
70 | 73 |
assert 'input' in resp |
71 | 74 |
assert 'id="combo-search-input-%s"' % cell.pk in resp |
72 |
- |