wf/jump: respond 404 on non-existing trigger, on all HTTP methods (#58226)
This commit is contained in:
parent
69b72ae6d5
commit
949d9ecfbb
|
@ -108,6 +108,16 @@ def test_workflow_trigger(pub, local_user):
|
|||
get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX/'), status=200)
|
||||
assert formdef.data_class().get(formdata.id).status == 'wf-st2'
|
||||
|
||||
# verify trigger presence (not-404 response)
|
||||
formdata.store() # reset
|
||||
get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=403) # not 404: ok
|
||||
assert formdef.data_class().get(formdata.id).status == 'wf-st1'
|
||||
get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)
|
||||
# jump, and then test trigger is not available
|
||||
get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=200)
|
||||
assert formdef.data_class().get(formdata.id).status == 'wf-st2'
|
||||
get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=404)
|
||||
|
||||
pub.role_class.wipe()
|
||||
role = pub.role_class(name='xxx')
|
||||
role.store()
|
||||
|
|
|
@ -71,9 +71,6 @@ class TriggerDirectory(Directory):
|
|||
if get_request().is_json():
|
||||
get_response().set_content_type('application/json')
|
||||
|
||||
if not get_request().get_method() == 'POST':
|
||||
raise errors.AccessForbiddenError()
|
||||
|
||||
signed_request = is_url_signed()
|
||||
user = get_user_from_api_query_string() or get_request().user
|
||||
for item in self.wfstatus.items:
|
||||
|
@ -82,6 +79,8 @@ class TriggerDirectory(Directory):
|
|||
if not hasattr(item, 'trigger'):
|
||||
continue
|
||||
if component == item.trigger:
|
||||
if not get_request().get_method() == 'POST':
|
||||
raise errors.AccessForbiddenError()
|
||||
if signed_request and not item.by:
|
||||
pass
|
||||
elif not item.check_auth(self.formdata, user):
|
||||
|
|
Loading…
Reference in New Issue