Changeset - 74f880bfcb7b
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 9 years ago 2016-08-04 14:23:36
madski@unity3d.com
routing: introduce 'gist_delete' url and use POST instead of DELETE
3 files changed with 9 insertions and 9 deletions:
kallithea/config/routing.py
2
2
kallithea/templates/admin/gists/show.html
1
1
kallithea/tests/functional/test_admin_gists.py
6
6
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -388,26 +388,26 @@ def make_map(config):
 

			




	
	
	
		
 
    #ADMIN GIST

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/gists') as m:

			




	
	
	
		
 
        m.connect("gists", "/gists",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("gists", "/gists",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_gist", "/gists/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("/gists/{gist_id}",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 
        m.connect("gist_delete", "/gists/{gist_id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_gist", "/gists/{gist_id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET", "POST"]))

			




	
	
	
		
 
        m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",

			




	
	
	
		
 
                  action="check_revision", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("gist", "/gists/{gist_id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("gist_rev", "/gists/{gist_id}/{revision}",

			




	
	
	
		
 
                  revision="tip",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_gist", "/gists/{gist_id}/{revision}/{format}",

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/gists/show.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -43,25 +43,25 @@

			




	
	
	
		
 
                            ${c.gist.gist_description}

			




	
	
	
		
 
                        </div>

			




	
	
	
		
 
                        <div class="left item last" style="color: #AAA">

			




	
	
	
		
 
                         %if c.gist.gist_expires == -1:

			




	
	
	
		
 
                          ${_('Expires')}: ${_('Never')}

			




	
	
	
		
 
                         %else:

			




	
	
	
		
 
                          ${_('Expires')}: ${h.age(h.time_to_datetime(c.gist.gist_expires))}

			




	
	
	
		
 
                         %endif

			




	
	
	
		
 
                       </div>

			




	
	
	
		
 

			




	
	
	
		
 
                       %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.authuser.user_id:

			




	
	
	
		
 
                        <div style="float:right">

			




	
	
	
		
 
                            ${h.form(url('gist', gist_id=c.gist.gist_id),method='delete')}

			




	
	
	
		
 
                            ${h.form(url('gist_delete', gist_id=c.gist.gist_id))}

			




	
	
	
		
 
                                ${h.submit('remove_gist', _('Delete'),class_="btn btn-mini btn-danger",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")}

			




	
	
	
		
 
                            ${h.end_form()}

			




	
	
	
		
 
                        </div>

			




	
	
	
		
 
                       %endif

			




	
	
	
		
 
                        <div class="buttons">

			




	
	
	
		
 
                          ## only owner should see that

			




	
	
	
		
 
                          %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.authuser.user_id:

			




	
	
	
		
 
                            ${h.link_to(_('Edit'),h.url('edit_gist', gist_id=c.gist.gist_access_id),class_="btn btn-mini")}

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                          ${h.link_to(_('Show as Raw'),h.url('formatted_gist', gist_id=c.gist.gist_access_id, format='raw'),class_="btn btn-mini")}

			




	
	
	
		
 
                        </div>

			




	
	
	
		
 
                    </div>

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_gists.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -123,38 +123,38 @@ class TestGistsController(TestController

			




	
	
	
		
 
        response.mustcontain('added file: foo-desc')

			




	
	
	
		
 
        response.mustcontain('gist test')

			




	
	
	
		
 
        response.mustcontain('gist-desc')

			




	
	
	
		
 
        response.mustcontain('<div class="btn btn-mini btn-success disabled">Public Gist</div>')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_new(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('new_gist'))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        gist = _create_gist('delete-me')

			




	
	
	
		
 
        response = self.app.post(url('gist', gist_id=gist.gist_id),

			




	
	
	
		
 
            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('gist_delete', gist_id=gist.gist_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_normal_user_his_gist(self):

			




	
	
	
		
 
        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)

			




	
	
	
		
 
        gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.post(url('gist', gist_id=gist.gist_id),

			




	
	
	
		
 
            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('gist_delete', gist_id=gist.gist_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_normal_user_not_his_own_gist(self):

			




	
	
	
		
 
        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)

			




	
	
	
		
 
        gist = _create_gist('delete-me')

			




	
	
	
		
 
        response = self.app.post(url('gist', gist_id=gist.gist_id), status=403,

			




	
	
	
		
 
            params={'_method': 'delete', '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('gist_delete', gist_id=gist.gist_id), status=403,

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
    def test_show(self):

			




	
	
	
		
 
        gist = _create_gist('gist-show-me')

			




	
	
	
		
 
        response = self.app.get(url('gist', gist_id=gist.gist_access_id))

			




	
	
	
		
 
        response.mustcontain('added file: gist-show-me<')

			




	
	
	
		
 
        response.mustcontain('%s - created' % TEST_USER_ADMIN_LOGIN)

			




	
	
	
		
 
        response.mustcontain('gist-desc')

			




	
	
	
		
 
        response.mustcontain('<div class="btn btn-mini btn-success disabled">Public Gist</div>')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_show_as_raw(self):

			




	
	
	
		
 
        gist = _create_gist('gist-show-me', content='GIST CONTENT')

			




	
	
	
		
 
        response = self.app.get(url('formatted_gist',

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.