Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add GET to OPTIONS #941

Merged
merged 3 commits into from
Jun 21, 2024
Merged

fix: add GET to OPTIONS #941

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f0914ff
fix: add GET to OPTIONS's actions list
bzwei Jun 13, 2024
f70bd58
Merge branch 'main' into options-get
bzwei Jun 20, 2024
ab800b0
Merge branch 'main' into options-get
bzwei Jun 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion src/aap_eda/api/metadata.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@ def determine_actions(self, request, view):
the fields that are accepted for 'PUT' and 'POST' methods.
"""
actions = {}
for method in {"PUT", "PATCH", "POST"} & set(view.allowed_methods):
for method in {"GET", "PUT", "PATCH", "POST"} & set(
bzwei marked this conversation as resolved.
Show resolved Hide resolved
view.allowed_methods
):
view.request = clone_request(request, method)
try:
# Test global permissions
Expand Down
2 changes: 0 additions & 2 deletions src/aap_eda/api/serializers/rulebook.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,6 @@ class Meta:
fields = [
"id",
"name",
"description",
"status",
"created_at",
"fired_at",
Expand All @@ -101,7 +100,6 @@ class Meta:
"activation_instance_id",
"job_instance_id",
"organization_id",
"definition",
]
read_only_fields = ["id", "organization_id", "created_at"]

Expand Down
14 changes: 10 additions & 4 deletions tests/integration/dab_rbac/test_crud_permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,10 +149,12 @@ def test_view_permissions(
response = user_client.get(url, data={})
assert response.status_code == 200, response.data

# Assure GET action is on OPTIONS
# Assure no POST action on OPTIONS since user has no add permission
response = user_client.options(url)
assert response.status_code == 200
assert "actions" not in response.data
assert "GET" in response.data["actions"]
assert "POST" not in response.data["actions"]


@pytest.mark.django_db
Expand All @@ -175,7 +177,10 @@ def test_change_permissions(
# Test OPTIONS without sufficient permissions
response = user_client.options(url)
assert response.status_code == 200
assert "actions" not in response.data # no PATCH or PUT
actions = response.data["actions"]
assert "GET" in actions
assert "PATCH" not in actions # no PATCH or PUT
assert "PUT" not in actions

# Give object change permission
give_obj_perm(default_user, obj, "change")
Expand All @@ -185,8 +190,9 @@ def test_change_permissions(
# Test OPTIONS
response = user_client.options(url)
assert response.status_code == 200
assert "actions" in response.data
assert "PATCH" in response.data["actions"]
actions = response.data["actions"]
assert "GET" in actions
assert "PATCH" in actions


@pytest.mark.django_db
Expand Down
Loading