Only render the Template API view for authenticated users. Thanks rgarcia for the report.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
@@ -7,6 +7,8 @@
|
||||
instead of the literal keys. Avoid warning about invalid key
|
||||
characters. Closes GitLab issue #518. Thanks to TheOneValen @ for the
|
||||
report.
|
||||
* Only render the Template API view for authenticated users.
|
||||
Thanks rgarcia for the report.
|
||||
|
||||
3.1.5 (2018-10-08)
|
||||
==================
|
||||
|
||||
@@ -3,6 +3,7 @@ from __future__ import unicode_literals
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
|
||||
from rest_framework import generics
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
|
||||
from .classes import Template
|
||||
from .serializers import ContentTypeSerializer, TemplateSerializer
|
||||
@@ -22,6 +23,7 @@ class APITemplateView(generics.RetrieveAPIView):
|
||||
get: Retrieve the details of the partial template.
|
||||
"""
|
||||
serializer_class = TemplateSerializer
|
||||
permission_classes = (IsAuthenticated,)
|
||||
|
||||
def get_object(self):
|
||||
return Template.get(self.kwargs['name']).render(request=self.request)
|
||||
|
||||
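Review bot: `permission_classes = (IsAuthenticated,)` closes the anonymous path, but `get_object` still passes the URL-supplied `self.kwargs['name']` straight to `Template.get(...)` with no handling for a name that is not registered. `Template.get` is not visible here, so this is to confirm: if it raises on a miss, an authenticated caller gets a 500 instead of a 404, and catching the lookup error to raise `Http404` would make the outcome explicit. The class docstring should also record the new requirement, for example `Requires an authenticated user; anonymous requests are rejected.` Because the permission is set on this one view only, it is worth checking that `DEFAULT_PERMISSION_CLASSES` in the `REST_FRAMEWORK` settings fails closed for the other views in the module. The class body starts outside the hunk.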
@@ -7,6 +7,8 @@ from rest_api.tests import BaseAPITestCase
|
||||
|
||||
from ..classes import Template
|
||||
|
||||
TEST_TEMPLATE_RESULT = '<div'
|
||||
|
||||
|
||||
class CommonAPITestCase(BaseAPITestCase):
|
||||
def test_content_type_list_view(self):
|
||||
@@ -15,6 +17,17 @@ class CommonAPITestCase(BaseAPITestCase):
|
||||
|
||||
@override_settings(LANGUAGE_CODE='de')
|
||||
def test_template_detail_view(self):
|
||||
self.login_user()
|
||||
template_main_menu = Template.get(name='main_menu')
|
||||
response = self.client.get(template_main_menu.get_absolute_url())
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
self.assertContains(
|
||||
response=response, text=TEST_TEMPLATE_RESULT, status_code=200
|
||||
)
|
||||
|
||||
def test_template_detail_anonymous_view(self):
|
||||
template_main_menu = Template.get(name='main_menu')
|
||||
response = self.client.get(template_main_menu.get_absolute_url())
|
||||
self.assertNotContains(
|
||||
response=response, text=TEST_TEMPLATE_RESULT, status_code=403
|
||||
)
|
||||
|
||||
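Review bot: `test_template_detail_anonymous_view` pins `status_code=403`, but Django REST framework answers an unauthenticated request with 401 when the first configured authentication class supplies a `WWW-Authenticate` header, so the expected code depends on settings that are not visible in this hunk. A short comment above the assertion would record that assumption, for example `# 403 rather than 401: assumes SessionAuthentication is the first authentication class`. The test also relies on the client starting out logged out; if `BaseAPITestCase.setUp` ever logs a user in, it would fail for a reason that is hard to spot, so an explicit `self.client.logout()` at the top would make the precondition visible. `TEST_TEMPLATE_RESULT = '<div'` is a very loose marker, so the negative assertion proves little beyond the status code.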