applications: do not modify a non editable app (#70891)

2022-10-31 16:14:12 +01:00 · 2022-10-31 16:14:12 +01:00 · 907426d00b
parent f3f20e8f6c
commit 907426d00b
3 changed files with 38 additions and 18 deletions
--- a/hobo/applications/templates/hobo/applications/manifest.html
+++ b/hobo/applications/templates/hobo/applications/manifest.html
@ -17,7 +17,7 @@
  </h2>
  <span class="actions">
    <a class="extra-actions-menu-opener"></a>
-    <a rel="popup" href="{% url 'application-metadata' app_slug=app.slug %}">{% trans 'Metadata' %}</a>
+    {% if app.editable %}<a rel="popup" href="{% url 'application-metadata' app_slug=app.slug %}">{% trans 'Metadata' %}</a>{% endif %}
    <ul class="extra-actions-menu">
      <li><a href="{% url 'application-versions' app_slug=app.slug %}">{% trans 'See all versions' %}</a></li>
    </ul>
@ -31,7 +31,7 @@
      {% if not relation.auto_dependency %}
        <li>
          <a {% if relation.element.get_redirect_url %}href="{{ relation.element.get_redirect_url }}"{% endif %}>{{ relation.element.name }} <span class="extra-info">- {{ relation.element.type_label }}</span></a>
-          <a rel="popup" class="delete" href="{% url 'application-delete-element' app_slug=app.slug pk=relation.id %}">{% trans "remove" %}</a>
+          {% if app.editable %}<a rel="popup" class="delete" href="{% url 'application-delete-element' app_slug=app.slug pk=relation.id %}">{% trans "remove" %}</a>{% endif %}
        </li>
      {% endif %}
    {% endfor %}
@ -46,11 +46,13 @@

  {% if relations %}
    <div class="buttons">
-      <a class="pk-button" href="{% url 'application-scandeps' app_slug=app.slug %}">{% trans "Scan dependencies" %}</a>
-      &nbsp; &nbsp;
-      <a class="pk-button" rel="popup" href="{% url 'application-generate' app_slug=app.slug %}">{% trans "Generate application bundle" %}</a>
-      {% if last_version %}
+      {% if app.editable %}
+        <a class="pk-button" href="{% url 'application-scandeps' app_slug=app.slug %}">{% trans "Scan dependencies" %}</a>
        &nbsp; &nbsp;
+        <a class="pk-button" rel="popup" href="{% url 'application-generate' app_slug=app.slug %}">{% trans "Generate application bundle" %}</a>
+      {% endif %}
+      {% if last_version %}
+        {% if app.editable %}&nbsp; &nbsp;{% endif %}
        <a class="pk-button" download href="{% url 'application-download' app_slug=app.slug %}">{% blocktrans with number=last_version.number %}Download latest version ({{ number }}){% endblocktrans %}</a>
      {% endif %}
    </div>
@ -66,12 +68,14 @@

 {% block sidebar %}
  <aside id="sidebar">
-    <h3>{% trans "Add" %}</h3>
-    {% for service, types in types_by_service.items %}
-      <h4>{{ service }}</h4>
-      {% for type in types %}
-        <a class="button button-paragraph" rel="popup" href="{% url 'application-add-element' app_slug=app.slug type=type.id %}">{{ type.text }}</a>
+    {% if app.editable %}
+      <h3>{% trans "Add" %}</h3>
+      {% for service, types in types_by_service.items %}
+        <h4>{{ service }}</h4>
+        {% for type in types %}
+          <a class="button button-paragraph" rel="popup" href="{% url 'application-add-element' app_slug=app.slug type=type.id %}">{{ type.text }}</a>
+        {% endfor %}
      {% endfor %}
-    {% endfor %}
+    {% endif %}
  </aside>
 {% endblock %}
--- a/hobo/applications/views.py
+++ b/hobo/applications/views.py
@ -133,6 +133,9 @@ class MetadataView(UpdateView):
    slug_url_kwarg = 'app_slug'
    form_class = MetadataForm

+    def get_queryset(self):
+        return super().get_queryset().filter(editable=True)
+
    def get_success_url(self):
        return reverse('application-manifest', kwargs={'app_slug': self.object.slug})

@ -145,7 +148,7 @@ class AppAddElementView(TemplateView):

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        context['app'] = Application.objects.get(slug=self.kwargs['app_slug'])
+        context['app'] = get_object_or_404(Application, slug=self.kwargs['app_slug'], editable=True)
        for object_type in get_object_types():
            if object_type.get('id') == self.kwargs['type']:
                context['type'] = object_type
@ -179,6 +182,9 @@ class AppDeleteElementView(DeleteView):
    model = Relation
    template_name = 'hobo/applications/element_confirm_delete.html'

+    def get_queryset(self):
+        return super().get_queryset().filter(application__editable=True)
+
    def get_success_url(self):
        return reverse('application-manifest', kwargs={'app_slug': self.kwargs['app_slug']})

@ -187,9 +193,10 @@ delete_element = AppDeleteElementView.as_view()


 def scandeps(request, app_slug):
+    app = get_object_or_404(Application, slug=app_slug, editable=True)
    job = AsyncJob(
        label=_('Scanning for dependencies'),
-        application=Application.objects.get(slug=app_slug),
+        application=app,
        action='scandeps',
    )
    job.save()
@ -207,7 +214,7 @@ class GenerateView(FormView):
    template_name = 'hobo/applications/generate.html'

    def get_initial(self):
-        self.app = Application.objects.get(slug=self.kwargs['app_slug'])
+        self.app = get_object_or_404(Application, slug=self.kwargs['app_slug'], editable=True)
        version = self.app.version_set.order_by('last_update_timestamp').last()
        if version:
            self.initial['number'] = version.number
--- a/tests/test_application.py
+++ b/tests/test_application.py
@ -306,8 +306,18 @@ def test_create_application(app, admin_user, settings, analyze):
        assert resp.form['number'].value == '2.0'  # last one
        assert resp.form['notes'].value == 'Foo bar blah. But with an icon.'  # last one

+        # non editable app
+        application.editable = False
+        application.save()
+        app.get('/applications/manifest/test/metadata/', status=404)
+        app.get('/applications/manifest/test/scandeps/', status=404)
+        app.get('/applications/manifest/test/generate/', status=404)
+        app.get('/applications/manifest/test/add/forms/', status=404)
+        app.get('/applications/manifest/test/delete/%s/' % application.relation_set.first().pk, status=404)

-def test_redirect_application_element(app, admin_user, settings):
+
+@pytest.mark.parametrize('editable', [True, False])
+def test_redirect_application_element(app, admin_user, settings, editable):
    Wcs.objects.create(base_url='https://wcs.example.invalid', slug='foobar', title='Foobar')

    settings.KNOWN_SERVICES = {
@ -321,7 +331,7 @@ def test_redirect_application_element(app, admin_user, settings):
        }
    }

-    application = Application.objects.create(name='Test', slug='test')
+    application = Application.objects.create(name='Test', slug='test', editable=editable)
    element = Element.objects.create(
        type='forms',
        slug='test-form',
@ -357,7 +367,6 @@ def test_redirect_application_element(app, admin_user, settings):

    with HTTMock(mocked_http):
        resp = app.get('/applications/manifest/test/')
-        print(resp)
        assert 'https://wcs.example.invalid/api/export-import/forms/test-form/redirect/' in resp
        assert (
            'https://wcs.example.invalid/api/export-import/forms/test2-form/redirect/' in resp