From 82ff4b3f2a33b691ec9536e4ffe45db32cc9627f Mon Sep 17 00:00:00 2001 From: zhengxie Date: Wed, 2 Sep 2015 11:14:54 +0800 Subject: [PATCH] [sysadmin] Refactor and fix tests --- seahub/base/decorators.py | 11 +++++++++-- seahub/views/sysadmin.py | 18 +++++------------- tests/seahub/views/test_sysadmin.py | 5 +++-- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/seahub/base/decorators.py b/seahub/base/decorators.py index 2e769322be..ae2faa57aa 100644 --- a/seahub/base/decorators.py +++ b/seahub/base/decorators.py @@ -1,5 +1,5 @@ from django.core.urlresolvers import reverse -from django.http import Http404, HttpResponseRedirect +from django.http import Http404, HttpResponseRedirect, HttpResponseNotAllowed from django.shortcuts import render_to_response from django.template import RequestContext from django.utils.http import urlquote @@ -75,4 +75,11 @@ def repo_passwd_set_required(func): return func(request, *args, **kwargs) return _decorated - + + +def require_POST(func): + def decorated(request, *args, **kwargs): + if request.method != 'POST': + return HttpResponseNotAllowed('Only POST here') + return func(request, *args, **kwargs) + return decorated diff --git a/seahub/views/sysadmin.py b/seahub/views/sysadmin.py index 693708d895..55774b5aae 100644 --- a/seahub/views/sysadmin.py +++ b/seahub/views/sysadmin.py @@ -21,7 +21,7 @@ from pysearpc import SearpcError from seahub.base.accounts import User from seahub.base.models import UserLastLogin -from seahub.base.decorators import sys_staff_required +from seahub.base.decorators import sys_staff_required, require_POST from seahub.base.sudo_mode import update_sudo_mode_ts from seahub.auth import authenticate from seahub.auth.decorators import login_required, login_required_ajax @@ -727,11 +727,9 @@ def sys_org_set_quota(request, org_id): @login_required @sys_staff_required +@require_POST def user_remove(request, email): """Remove user""" - if request.method != 'POST': - raise Http404 - referer = request.META.get('HTTP_REFERER', None) next = reverse('sys_useradmin') if referer is None else referer @@ -793,11 +791,9 @@ def remove_trial(request, user_or_org): @login_required @sys_staff_required +@require_POST def user_remove_admin(request, email): """Unset user admin.""" - if request.method != 'POST': - raise Http404 - try: user = User.objects.get(email=email) user.is_staff = False @@ -934,11 +930,9 @@ def send_user_reset_email(request, email, password): @login_required @sys_staff_required +@require_POST def user_reset(request, email): """Reset password for user.""" - if request.method != 'POST': - raise Http404 - try: user = User.objects.get(email=email) if isinstance(INIT_PASSWD, FunctionType): @@ -1386,12 +1380,10 @@ def user_search(request): @login_required @sys_staff_required +@require_POST def sys_repo_transfer(request): """Transfer a repo to others. """ - if request.method != 'POST': - raise Http404 - repo_id = request.POST.get('repo_id', None) new_owner = request.POST.get('email', None) diff --git a/tests/seahub/views/test_sysadmin.py b/tests/seahub/views/test_sysadmin.py index 1caa4569fe..e20cea3ce3 100644 --- a/tests/seahub/views/test_sysadmin.py +++ b/tests/seahub/views/test_sysadmin.py @@ -53,7 +53,7 @@ class UserResetTest(TestCase, Fixtures): ) old_passwd = self.user.enc_password - resp = self.client.get( + resp = self.client.post( reverse('user_reset', args=[self.user.email]) ) self.assertEqual(302, resp.status_code) @@ -112,9 +112,10 @@ class UserRemoveTest(TestCase, Fixtures): # create one user username = self.user.username - resp = self.client.get( + resp = self.client.post( reverse('user_remove', args=[username]) ) + self.assertEqual(302, resp.status_code) assert 'Successfully deleted %s' % username in parse_cookie(resp.cookies)['messages'] assert len(ccnet_threaded_rpc.search_emailusers('DB', username, -1, -1)) == 0