ag-admin
/
OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #4687 from FinnStutzenstein/catchDoubleCreationOfPersonalNotes 

Fix doulbe create requests for personal notes.
This commit is contained in:
Finn Stutzenstein 2019-05-13 14:49:42 +02:00 committed by GitHub
parent c2abe8a0a0 635fd3fad5
commit 6f014279d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 67 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openslides/users/views.py
View File

@ -16,6 +16,7 @@ from django.contrib.sites.shortcuts import get_current_site
from django.core import mail from django.core import mail
from django.core.exceptions import ValidationError as DjangoValidationError from django.core.exceptions import ValidationError as DjangoValidationError
from django.db import transaction from django.db import transaction
from django.db.utils import IntegrityError
from django.http.request import QueryDict from django.http.request import QueryDict
from django.utils.encoding import force_bytes, force_text from django.utils.encoding import force_bytes, force_text
from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode
@ -447,7 +448,14 @@ class PersonalNoteViewSet(ModelViewSet):
Customized method to inject the request.user into serializer's save Customized method to inject the request.user into serializer's save
method so that the request.user can be saved into the model field. method so that the request.user can be saved into the model field.
""" """
serializer.save(user=self.request.user) try:
serializer.save(user=self.request.user)
except IntegrityError:
raise ValidationError(
{
"detail": f"The personal note for user {self.request.user.id} does already exist"
}
)
def update(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
""" """

61
tests/integration/users/test_viewset.py
View File

@ -580,10 +580,12 @@ class PersonalNoteTest(TestCase):
Tests for PersonalNote model. Tests for PersonalNote model.
""" """
def setUp(self):
self.admin = User.objects.get(username="admin")
def test_anonymous_without_personal_notes(self): def test_anonymous_without_personal_notes(self):
admin = User.objects.get(username="admin")
personal_note = PersonalNote.objects.create( personal_note = PersonalNote.objects.create(
user=admin, notes='["admin_personal_note_OoGh8choro0oosh0roob"]' user=self.admin, notes='["admin_personal_note_OoGh8choro0oosh0roob"]'
) )
config["general_system_enable_anonymous"] = True config["general_system_enable_anonymous"] = True
guest_client = APIClient() guest_client = APIClient()
@ -592,7 +594,7 @@ class PersonalNoteTest(TestCase):
) )
self.assertEqual(response.status_code, 404) self.assertEqual(response.status_code, 404)
def test_admin_send_JSON(self): def test_create(self):
admin_client = APIClient() admin_client = APIClient()
admin_client.login(username="admin", password="admin") admin_client.login(username="admin", password="admin")
response = admin_client.post( response = admin_client.post(
@ -610,3 +612,56 @@ class PersonalNoteTest(TestCase):
format="json", format="json",
) )
self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test_anonymous_create(self):
guest_client = APIClient()
response = guest_client.post(
reverse("personalnote-list"), {"notes": {}}, format="json"
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertFalse(PersonalNote.objects.exists())
def test_create_twice(self):
admin_client = APIClient()
admin_client.login(username="admin", password="admin")
response = admin_client.post(
reverse("personalnote-list"), {"notes": {}}, format="json"
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = admin_client.post(
reverse("personalnote-list"), {"notes": {}}, format="json"
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_update(self):
admin_client = APIClient()
admin_client.login(username="admin", password="admin")
personal_note = PersonalNote.objects.create(
user=self.admin, notes="test_note_ld3mo1xjcnKNC(836qWe"
)
response = admin_client.put(
reverse("personalnote-detail", args=[personal_note.pk]),
{"notes": "test_note_do2ncoi7ci2fm93LjwlO"},
format="json",
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(
PersonalNote.objects.get().notes, "test_note_do2ncoi7ci2fm93LjwlO"
)
def test_update_other_user(self):
user = User.objects.create(username="user")
admin_client = APIClient()
admin_client.login(username="admin", password="admin")
personal_note = PersonalNote.objects.create(
user=user, notes="test_note_fof3joqmcufh32fn(/2f"
)
response = admin_client.put(
reverse("personalnote-detail", args=[personal_note.pk]),
{"notes": "test_note_1qowuddm3d8mF8h29fwI"},
format="json",
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(
PersonalNote.objects.get().notes, "test_note_fof3joqmcufh32fn(/2f"
)