0001-wf-jump-respond-404-on-non-existing-trigger-on-all-H.patch
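--- a/tests/api/test_workflow.py
+++ b/tests/api/test_workflow.py
@@ -108,6 +108,16 @@
 get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX/'), status=200)
 assert formdef.data_class().get(formdata.id).status == 'wf-st2'
 
+# verify trigger presence (not-404 response)
+formdata.store() # reset
+get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=403) # not 404: ok
+assert formdef.data_class().get(formdata.id).status == 'wf-st1'
+get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)
+# jump and test trigger is not available anymore
+get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=200)
+assert formdef.data_class().get(formdata.id).status == 'wf-st2'
+get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=404)
+
 pub.role_class.wipe()
 role = pub.role_class(name='xxx')
 role.store()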
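Review bot: Every request added at new lines 113-119 goes through `sign_uri(...)`, so nothing here pins down what an unsigned or anonymous GET on an existing trigger returns, which is the case where the 403-versus-404 split decides who can learn that a trigger exists. I would add an unsigned pair next to line 113, for example `get_app(pub).get(formdata.get_url() + 'jump/trigger/XXX', status=403)` and the same call for `ABC` with `status=404`, if those are the intended answers. Only GET is exercised, although the patch name suggests the 404 should hold for other methods too. The enclosing test function starts and ends outside this section.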
wcs/wf/jump.py | ||
---|---|---|
71 | 71 |
if get_request().is_json(): |
72 | 72 |
get_response().set_content_type('application/json') |
73 | 73 | |
74 |
if not get_request().get_method() == 'POST': |
|
75 |
raise errors.AccessForbiddenError() |
|
76 | ||
77 | 74 |
signed_request = is_url_signed() |
78 | 75 |
user = get_user_from_api_query_string() or get_request().user |
79 | 76 |
for item in self.wfstatus.items: |
... | ... | |
82 | 79 |
if not hasattr(item, 'trigger'): |
83 | 80 |
continue |
84 | 81 |
if component == item.trigger: |
82 |
if not get_request().get_method() == 'POST': |
|
83 |
raise errors.AccessForbiddenError() |
|
85 | 84 |
if signed_request and not item.by: |
86 | 85 |
pass |
87 | 86 |
elif not item.check_auth(self.formdata, user): |
88 |
- |
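Review bot: With the method check moved under `if component == item.trigger:` (new lines 82-83), a non-POST request gets 403 for an existing trigger before `signed_request` or `item.check_auth(...)` is consulted, while an unknown name presumably reaches the 404 raised outside this hunk. A caller with no signature and no permission can therefore tell which trigger names exist in the current status. The tests treat that as intended, so it deserves a comment on the check, e.g. `# 403 before the auth checks on purpose: trigger presence is not treated as secret`; if presence should stay private, the signature / `check_auth` test has to run before the method test. As a style point, `if get_request().get_method() != 'POST':` reads more directly than `not ... ==`. The function body starts and ends outside the visible hunks.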