Merge pull request #4687 from FinnStutzenstein/catchDoubleCreationOfPersonalNotes

Fix doulbe create requests for personal notes.
2019-05-13 14:49:42 +02:00 · 2019-05-13 14:49:42 +02:00 · 6f014279d4
parent c2abe8a0a0 635fd3fad5
commit 6f014279d4
2 changed files with 67 additions and 4 deletions
--- a/openslides/users/views.py
+++ b/openslides/users/views.py
@ -16,6 +16,7 @@ from django.contrib.sites.shortcuts import get_current_site
 from django.core import mail
 from django.core.exceptions import ValidationError as DjangoValidationError
 from django.db import transaction
+from django.db.utils import IntegrityError
 from django.http.request import QueryDict
 from django.utils.encoding import force_bytes, force_text
 from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode
@ -447,7 +448,14 @@ class PersonalNoteViewSet(ModelViewSet):
        Customized method to inject the request.user into serializer's save
        method so that the request.user can be saved into the model field.
        """
-        serializer.save(user=self.request.user)
+        try:
+            serializer.save(user=self.request.user)
+        except IntegrityError:
+            raise ValidationError(
+                {
+                    "detail": f"The personal note for user {self.request.user.id} does already exist"
+                }
+            )

    def update(self, request, *args, **kwargs):
        """
--- a/tests/integration/users/test_viewset.py
+++ b/tests/integration/users/test_viewset.py
@ -580,10 +580,12 @@ class PersonalNoteTest(TestCase):
    Tests for PersonalNote model.
    """

+    def setUp(self):
+        self.admin = User.objects.get(username="admin")
+
    def test_anonymous_without_personal_notes(self):
-        admin = User.objects.get(username="admin")
        personal_note = PersonalNote.objects.create(
-            user=admin, notes='["admin_personal_note_OoGh8choro0oosh0roob"]'
+            user=self.admin, notes='["admin_personal_note_OoGh8choro0oosh0roob"]'
        )
        config["general_system_enable_anonymous"] = True
        guest_client = APIClient()
@ -592,7 +594,7 @@ class PersonalNoteTest(TestCase):
        )
        self.assertEqual(response.status_code, 404)

-    def test_admin_send_JSON(self):
+    def test_create(self):
        admin_client = APIClient()
        admin_client.login(username="admin", password="admin")
        response = admin_client.post(
@ -610,3 +612,56 @@ class PersonalNoteTest(TestCase):
            format="json",
        )
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+    def test_anonymous_create(self):
+        guest_client = APIClient()
+        response = guest_client.post(
+            reverse("personalnote-list"), {"notes": {}}, format="json"
+        )
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertFalse(PersonalNote.objects.exists())
+
+    def test_create_twice(self):
+        admin_client = APIClient()
+        admin_client.login(username="admin", password="admin")
+        response = admin_client.post(
+            reverse("personalnote-list"), {"notes": {}}, format="json"
+        )
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        response = admin_client.post(
+            reverse("personalnote-list"), {"notes": {}}, format="json"
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_update(self):
+        admin_client = APIClient()
+        admin_client.login(username="admin", password="admin")
+        personal_note = PersonalNote.objects.create(
+            user=self.admin, notes="test_note_ld3mo1xjcnKNC(836qWe"
+        )
+        response = admin_client.put(
+            reverse("personalnote-detail", args=[personal_note.pk]),
+            {"notes": "test_note_do2ncoi7ci2fm93LjwlO"},
+            format="json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(
+            PersonalNote.objects.get().notes, "test_note_do2ncoi7ci2fm93LjwlO"
+        )
+
+    def test_update_other_user(self):
+        user = User.objects.create(username="user")
+        admin_client = APIClient()
+        admin_client.login(username="admin", password="admin")
+        personal_note = PersonalNote.objects.create(
+            user=user, notes="test_note_fof3joqmcufh32fn(/2f"
+        )
+        response = admin_client.put(
+            reverse("personalnote-detail", args=[personal_note.pk]),
+            {"notes": "test_note_1qowuddm3d8mF8h29fwI"},
+            format="json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(
+            PersonalNote.objects.get().notes, "test_note_fof3joqmcufh32fn(/2f"
+        )