Merge pull request #92 from mozilla-services/42-disable-put-endpoint

Disable PUT endpoint for articles (fixes #42)
mozilla-services · Feb 6, 2015 · c808c5a · c808c5a
2 parents ee5e866 + 2bfe538
commit c808c5a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 0 deletions.
diff --git a/docs/errors.rst b/docs/errors.rst
@@ -53,6 +53,8 @@ Error codes
 +-------------+-------+------------------------------------------------+
 | 403         | 121   | Resource's access forbidden for this user      |
 +-------------+-------+------------------------------------------------+
+| 405         | 115   | Method not allowed on this end point           |
++-------------+-------+------------------------------------------------+
 | 409         | 122   | Another resource violates constraint           |
 +-------------+-------+------------------------------------------------+
 | 411         | 112   | Content-Length header was not provided         |

diff --git a/readinglist/errors.py b/readinglist/errors.py
@@ -15,6 +15,7 @@
     INVALID_RESOURCE_ID=110,
     MISSING_RESOURCE=111,
     MODIFIED_MEANWHILE=114,
+    METHOD_NOT_ALLOWED=115,
     FORBIDDEN=121,
     CONSTRAINT_VIOLATED=122,
     REQUEST_TOO_LARGE=113,

diff --git a/readinglist/tests/test_views_article.py b/readinglist/tests/test_views_article.py
@@ -15,6 +15,13 @@ def setUp(self):
         self.before = resp.json
         self.url = '/articles/{id}'.format(id=self.before['_id'])
 
+    def test_replacing_records_is_not_allowed(self):
+        resp = self.app.put_json(self.url,
+                                 MINIMALIST_ARTICLE,
+                                 headers=self.headers,
+                                 status=405)
+        self.assertEqual(resp.json['errno'], 115)
+
     def test_resolved_url_and_titles_are_set(self):
         self.assertEqual(self.before['resolved_url'], "http://mozilla.org")
         self.assertEqual(self.before['resolved_title'], "MoFo")

diff --git a/readinglist/views/article.py b/readinglist/views/article.py
@@ -2,6 +2,7 @@
 from colander import SchemaNode, String
 from pyramid import httpexceptions
 
+from readinglist import errors
 from readinglist.resource import crud, BaseResource, ResourceSchema, TimeStamp
 from readinglist.utils import strip_whitespace
 
@@ -67,6 +68,15 @@ class Options:
 class Article(BaseResource):
     mapping = ArticleSchema()
 
+    def put(self):
+        response = httpexceptions.HTTPMethodNotAllowed(
+            body=errors.format_error(
+                code=httpexceptions.HTTPMethodNotAllowed.code,
+                errno=errors.ERRORS.METHOD_NOT_ALLOWED,
+                error=httpexceptions.HTTPMethodNotAllowed.title),
+            content_type='application/json')
+        raise response
+
     def preprocess_record(self, new, old=None):
         """Operate changes on submitted record.
         This implementation represents the specifities of the *Reading List*