Permalink
Browse files

Bug 1013321 - Ensured permissions are correct before sending them to …

…the middleware. r=peterbe
  • Loading branch information...
1 parent 4164ddc commit 9d3b044961a76a5e78bac18864b7a036923d51ca @adngdb adngdb committed Jun 18, 2014
Showing with 48 additions and 0 deletions.
  1. +26 −0 webapp-django/crashstats/manage/forms.py
  2. +22 −0 webapp-django/crashstats/manage/tests/test_views.py
@@ -88,3 +88,29 @@ class SuperSearchFieldForm(BaseForm):
is_mandatory = forms.BooleanField(required=False)
has_full_version = forms.BooleanField(required=False)
storage_mapping = forms.CharField(required=False)
+
+ def clean_permissions_needed(self):
+ """Removes unknown permissions from the list of permissions.
+
+ This is needed because the html form will send an empty string by
+ default. We don't want that to cause an error, but don't want it to
+ be put in the database either.
+ """
+ values = self.cleaned_data['permissions_needed']
+
+ perms = Permission.objects.filter(content_type__model='')
+ all_permissions = [
+ 'crashstats.' + x.codename for x in perms
+ ]
+
+ return [x for x in values if x in all_permissions]
+
+ def clean_form_field_choices(self):
+ """Removes empty values from the list of choices.
+
+ This is needed because the html form will send an empty string by
+ default. We don't want that to cause an error, but don't want it to
+ be put in the database either.
+ """
+ values = self.cleaned_data['form_field_choices']
+ return [x for x in values if x.strip()]
@@ -1036,6 +1036,18 @@ def test_supersearch_field_update(self, rput, rget):
self._login()
url = reverse('manage:supersearch_field_update')
+ # Create a permission to test permission validation.
+
+ ct = ContentType.objects.create(
+ model='',
+ app_label='crashstats.crashstats',
+ )
+ Permission.objects.create(
+ name='I can haz permission!',
+ codename='i.can.haz.permission',
+ content_type=ct
+ )
+
def mocked_get(url, **options):
assert '/supersearch/fields/' in url
return Response({})
@@ -1046,8 +1058,16 @@ def mocked_put(url, data, **options):
ok_('name' in data)
ok_('description' in data)
ok_('is_returned' in data)
+ ok_('form_field_choices' in data)
+ ok_('permissions_needed' in data)
ok_(not data['is_returned'])
+ ok_('' not in data['form_field_choices'])
+
+ eq_(
+ data['permissions_needed'],
+ ['crashstats.i.can.haz.permission']
+ )
return Response(True)
@@ -1061,6 +1081,8 @@ def mocked_put(url, data, **options):
'in_database_name': 'something',
'description': 'hello world',
'is_returned': False,
+ 'form_field_choices': ['', 'a choice', 'another choice'],
+ 'permissions_needed': ['', 'crashstats.i.can.haz.permission'],
}
)
eq_(response.status_code, 302)

0 comments on commit 9d3b044

Please sign in to comment.