Require POST for editing session ping endpoint

pull/12109/head
Sage Abdullah 2024-07-05 09:50:35 +01:00
rodzic 86b29fe588
commit 08bc2cd367
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: EB1A33CC51CC0217
2 zmienionych plików z 30 dodań i 16 usunięć


@ -89,7 +89,7 @@ class TestPingView(WagtailTestUtils, TestCase):
)
def test_ping_invalid_model(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("testapp", "invalidmodel", str(self.page.id), self.session.id),
@ -105,7 +105,7 @@ class TestPingView(WagtailTestUtils, TestCase):
object_id=editors.pk,
last_seen_at=TIMESTAMP_1,
)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("auth", "group", str(editors.pk), session.id),
@ -114,7 +114,7 @@ class TestPingView(WagtailTestUtils, TestCase):
self.assertEqual(response.status_code, 404)
def test_ping_non_existent_object(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", 999999, self.session.id),
@ -124,7 +124,7 @@ class TestPingView(WagtailTestUtils, TestCase):
@freeze_time(TIMESTAMP_NOW)
def test_ping_existing_session(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, self.session.id),
@ -151,7 +151,7 @@ class TestPingView(WagtailTestUtils, TestCase):
@freeze_time(TIMESTAMP_NOW)
def test_ping_existing_session_with_editing_flag(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, self.session.id),
@ -179,7 +179,7 @@ class TestPingView(WagtailTestUtils, TestCase):
@freeze_time(TIMESTAMP_NOW)
def test_ping_with_revision(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, self.session.id),
@ -210,7 +210,7 @@ class TestPingView(WagtailTestUtils, TestCase):
with freeze_time(TIMESTAMP_3):
new_revision = self.page.save_revision(user=self.other_user)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, self.session.id),
@ -240,7 +240,7 @@ class TestPingView(WagtailTestUtils, TestCase):
self.other_session.delete()
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, self.session.id),
@ -271,7 +271,7 @@ class TestPingView(WagtailTestUtils, TestCase):
@freeze_time(TIMESTAMP_NOW)
def test_ping_new_session(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, 999999),
@ -313,7 +313,7 @@ class TestPingView(WagtailTestUtils, TestCase):
@freeze_time(TIMESTAMP_NOW)
def test_ping_new_session_with_editing_flag(self):
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, 999999),
@ -370,7 +370,7 @@ class TestPingView(WagtailTestUtils, TestCase):
permission=Permission.objects.get(codename="change_page"),
)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, 999999),
@ -378,7 +378,7 @@ class TestPingView(WagtailTestUtils, TestCase):
)
self.assertEqual(response.status_code, 404)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.other_page.id, 999999),
@ -430,7 +430,7 @@ class TestPingView(WagtailTestUtils, TestCase):
object_id=snippet.pk,
last_seen_at=TIMESTAMP_PAST,
)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("tests", "fullfeaturedsnippet", str(snippet.pk), session.id),
@ -470,7 +470,7 @@ class TestPingView(WagtailTestUtils, TestCase):
object_id=snippet.pk,
last_seen_at=TIMESTAMP_1,
)
response = self.client.get(
response = self.client.post(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("tests", "fullfeaturedsnippet", str(snippet.pk), session.id),
@ -478,6 +478,19 @@ class TestPingView(WagtailTestUtils, TestCase):
)
self.assertEqual(response.status_code, 404)
def test_must_post(self):
response = self.client.get(
reverse(
"wagtailadmin_editing_sessions:ping",
args=("wagtailcore", "page", self.page.id, 999999),
)
)
self.assertEqual(response.status_code, 405)
self.assertCountEqual(
EditingSession.objects.all(),
[self.session, self.other_session, self.old_session],
)
class TestCleanup(WagtailTestUtils, TestCase):
def setUp(self):
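Review bot: `test_must_post` pins the 405 on GET, but nothing in this section checks that a POST without a CSRF token is refused, and Django's test client skips CSRF checks unless it is built with `Client(enforce_csrf_checks=True)`. If CSRF coverage is part of the reason for moving the endpoint to POST (the commit message does not say), a companion test would help: log in on such a client, post to `wagtailadmin_editing_sessions:ping` with no token, and assert a 403 plus the same unchanged `EditingSession` set. That would keep a later `csrf_exempt` from slipping in unnoticed. A one-line docstring on `test_must_post`, e.g. `"""GET is rejected with 405 and must not create an EditingSession."""`, would also record why the queryset assertion is there.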


@ -12,6 +12,7 @@ from wagtail.models import Page, Revision, RevisionMixin
from wagtail.permissions import page_permission_policy
@require_POST
def ping(request, app_label, model_name, object_id, session_id):
try:
model = apps.get_model(app_label, model_name)
@ -52,7 +53,7 @@ def ping(request, app_label, model_name, object_id, session_id):
)
session.last_seen_at = timezone.now()
session.is_editing = request.GET.get("is_editing", False)
session.is_editing = request.POST.get("is_editing", False)
session.save()
other_sessions = (
@ -85,7 +86,7 @@ def ping(request, app_label, model_name, object_id, session_id):
if other_session.is_editing:
other_session_info["is_editing"] = True
revision_id = request.GET.get("revision_id", None)
revision_id = request.POST.get("revision_id", None)
if revision_id is not None and issubclass(model, RevisionMixin):
all_revisions = obj.revisions.defer("content")
try:
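Review bot: The `request.POST.get("is_editing", False)` and `request.POST.get("revision_id", None)` reads in the second and third hunks drop the query-string source with no fallback or error. A caller that still sends `?is_editing=...` or `?revision_id=...` in the URL of a POST therefore gets a normal response, with `is_editing` saved as False and the revision comparison skipped. The commit changes only this view and its tests, so the client-side caller is presumably updated elsewhere; it is worth confirming that it sends both fields in the request body together with the CSRF token. I would also add a comment above the decorator, e.g. `# Saves an EditingSession, so POST only: plain GET links/embeds can't trigger it and CSRF checks apply.` (the last part assumes `CsrfViewMiddleware` is active). The body of `ping` starts and ends outside these hunks.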