Replace POST method for dislike by DELETE

pablosnt · Mar 24, 2024 · 0cc8760 · 0cc8760
1 parent ee4bfdf
commit 0cc8760
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 22 deletions.
diff --git a/src/backend/findings/framework/views.py b/src/backend/findings/framework/views.py
@@ -25,7 +25,11 @@ class FindingViewSet(BaseViewSet):
 
     @extend_schema(exclude=True)
     def create(self, request: Request, *args, **kwargs):
-        return self._method_not_allowed("POST")
+        return self._method_not_allowed("POST") # pragma: no cover
+
+    @extend_schema(exclude=True)
+    def destroy(self, request: Request, *args: Any, **kwargs: Any) -> Response:
+        return self._method_not_allowed("DELETE")   # pragma: no cover
 
     @extend_schema(request=None, responses={200: FindingSerializer})
     @action(detail=True, methods=["POST"], url_path="fix", url_name="fix")
@@ -41,10 +45,6 @@ def fix(self, request: Request, pk: str) -> Response:
             self.get_serializer_class()(finding).data, status=status.HTTP_200_OK
         )
 
-    @extend_schema(exclude=True)
-    def destroy(self, request: Request, *args: Any, **kwargs: Any) -> Response:
-        return self._method_not_allowed("DELETE")
-
     @action(detail=True, methods=["DELETE"], url_path="fix", url_name="remove_fix")
     def remove_fix(self, request: Request, pk: str) -> Response:
         input("UNFIX")

diff --git a/src/backend/findings/urls.py b/src/backend/findings/urls.py
@@ -1,5 +1,3 @@
-from rest_framework.routers import SimpleRouter
-
 from findings.views import (
     CredentialViewSet,
     ExploitViewSet,
@@ -10,6 +8,7 @@
     TechnologyViewSet,
     VulnerabilityViewSet,
 )
+from rest_framework.routers import SimpleRouter
 
 # Register your views here.
 

diff --git a/src/backend/framework/views.py b/src/backend/framework/views.py
@@ -125,8 +125,8 @@ def like(self, request: Request, pk: str) -> Response:
     # all auditors can make POST requests to resources like these.
     @action(
         detail=True,
-        methods=["POST"],
-        url_path="dislike",
+        methods=["DELETE"],
+        url_path="like",
         url_name="dislike",
         permission_classes=[IsAuthenticated, IsAuditor],
     )

diff --git a/src/backend/reporting/views.py b/src/backend/reporting/views.py
@@ -257,7 +257,9 @@ def _get_findings_to_pdf_report(
                         )
                         .all(),
                     }
-                    for host in Host.objects.filter(**{**target_filter, **serializer.validated_filter})
+                    for host in Host.objects.filter(
+                        **{**target_filter, **serializer.validated_filter}
+                    )
                 ],
             }
             if (

diff --git a/src/backend/tests/test_processes.py b/src/backend/tests/test_processes.py
@@ -142,7 +142,7 @@ class ProcessTest(ApiTest):
         ),
         ApiTestCase(["reader1", "reader2"], "post", 403, endpoint="{endpoint}8/like/"),
         ApiTestCase(
-            ["reader1", "reader2"], "post", 403, endpoint="{endpoint}9/dislike/"
+            ["reader1", "reader2"], "delete", 403, endpoint="{endpoint}9/like/"
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],
@@ -186,9 +186,9 @@ class ProcessTest(ApiTest):
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],
-            "post",
+            "delete",
             204,
-            endpoint="{endpoint}8/dislike/",
+            endpoint="{endpoint}8/like/",
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],

diff --git a/src/backend/tests/test_tools.py b/src/backend/tests/test_tools.py
@@ -82,13 +82,13 @@ class ToolTest(ApiTest):
             endpoint="{endpoint}3/",
         ),
         ApiTestCase(
-            ["reader1", "reader2"], "get", 403, endpoint="{endpoint}1/dislike/"
+            ["reader1", "reader2"], "delete", 403, endpoint="{endpoint}1/like/"
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],
-            "post",
+            "delete",
             204,
-            endpoint="{endpoint}1/dislike/",
+            endpoint="{endpoint}1/like/",
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],

diff --git a/src/backend/tests/test_wordlists.py b/src/backend/tests/test_wordlists.py
@@ -121,7 +121,7 @@ class WordlistTest(ApiTest):
         ),
         ApiTestCase(["reader1", "reader2"], "post", 403, endpoint="{endpoint}29/like/"),
         ApiTestCase(
-            ["reader1", "reader2"], "post", 403, endpoint="{endpoint}30/dislike/"
+            ["reader1", "reader2"], "delete", 403, endpoint="{endpoint}30/like/"
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],
@@ -167,9 +167,9 @@ class WordlistTest(ApiTest):
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],
-            "post",
+            "delete",
             204,
-            endpoint="{endpoint}29/dislike/",
+            endpoint="{endpoint}29/like/",
         ),
         ApiTestCase(
             ["admin1", "admin2", "auditor1", "auditor2"],

diff --git a/src/backend/tools/views.py b/src/backend/tools/views.py
@@ -1,7 +1,10 @@
+from typing import Any
+
 from drf_spectacular.utils import extend_schema
 from framework.views import BaseViewSet, LikeViewSet
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.request import Request
+from rest_framework.response import Response
 from security.authorization.permissions import RekonoModelPermission
 from tools.filters import ConfigurationFilter, ToolFilter
 from tools.models import Configuration, Tool
@@ -17,13 +20,17 @@ class ToolViewSet(LikeViewSet):
     permission_classes = [IsAuthenticated, RekonoModelPermission]
     search_fields = ["name", "command"]
     ordering_fields = ["id", "name", "command"]
-    # "post" is needed to allow POST requests to like and dislike tools
-    http_method_names = ["get", "post"]
+    # "post" and "delete" are needed to allow POST requests to like and dislike tools
+    http_method_names = ["get", "post", "delete"]
 
     @extend_schema(exclude=True)
-    def create(self, request: Request, *args, **kwargs):
+    def create(self, request: Request, *args, **kwargs) -> Response:
         return self._method_not_allowed("POST")  # pragma: no cover
 
+    @extend_schema(exclude=True)
+    def destroy(self, request: Request, *args: Any, **kwargs: Any) -> Response:
+        return self._method_not_allowed("DELETE")    # pragma: no cover
+
 
 class ConfigurationViewSet(BaseViewSet):
     """Configuration ViewSet that includes: get and retrieve features."""