~petersanchez/public-inbox

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH django-impersonate] Allow OPTIONS requests when READ_ONLY is True - Refs #69

Sarah Boyce <sarahvboyce95@gmail.com>
Details
Message ID
<77c3932f8751d8457a92.1676804158@localhost.localdomain>
DKIM signature
missing
Download raw message
1 year, 1 month ago
Patch: +15 -7 
# HG changeset patch
# User sarahboyce@localhost.localdomain
# Date 1676370721 -3600
#      Tue Feb 14 11:32:01 2023 +0100
# Node ID 77c3932f8751d8457a92596acb8b6a8ba2f73dbb
# Parent  89fffb32473e64276ca1a114bd2291a08e078227
Allow OPTIONS requests when READ_ONLY is True - Refs #69

diff --git a/README.rst b/README.rst
--- a/README.rst
+++ b/README.rst
@@ -272,9 +272,9 @@
   READ_ONLY

A boolean that if set to ``True`` any requests that are not either
``GET`` or ``HEAD`` will result in a "Bad Request" response (status code
405). Use this if you want to limit your impersonating users to read
only impersonation sessions.
``GET`` or ``HEAD`` or ``OPTIONS`` will result in a "Bad Request"
response (status code 405). Use this if you want to limit your
impersonating users to read only impersonation sessions.

Value should be a boolean, defaults to ``False``

diff --git a/impersonate/admin.py b/impersonate/admin.py
--- a/impersonate/admin.py
+++ b/impersonate/admin.py
@@ -176,7 +176,7 @@
    # `return False` hides impersonates module in admin page
    def has_change_permission(self, request, obj=None):
        if settings.ADMIN_READ_ONLY:
            return request.method in ['GET', 'HEAD']
            return request.method in ['GET', 'HEAD', 'OPTIONS']
        return True


diff --git a/impersonate/middleware.py b/impersonate/middleware.py
--- a/impersonate/middleware.py
+++ b/impersonate/middleware.py
@@ -50,8 +50,8 @@
            except User.DoesNotExist:
                return

            if settings.READ_ONLY and request.method not in ['GET', 'HEAD']:
                return HttpResponseNotAllowed(['GET', 'HEAD'])
            if settings.READ_ONLY and request.method not in ['GET', 'HEAD', 'OPTIONS']:
                return HttpResponseNotAllowed(['GET', 'HEAD', 'OPTIONS'])

            if check_allow_for_user(request, new_user) and check_allow_for_uri(
                request.path
diff --git a/impersonate/tests.py b/impersonate/tests.py
--- a/impersonate/tests.py
+++ b/impersonate/tests.py
@@ -828,6 +828,8 @@
        self.assertTrue(model_admin.has_change_permission(request))
        request.method = 'HEAD'
        self.assertTrue(model_admin.has_change_permission(request))
        request.method = 'OPTIONS'
        self.assertTrue(model_admin.has_change_permission(request))
        request.method = 'POST'
        self.assertFalse(model_admin.has_change_permission(request))

@@ -842,5 +844,11 @@
    @override_settings(IMPERSONATE={'READ_ONLY': True})
    def test_impersonate_read_only(self):
        self._impersonate_helper('user1', 'foobar', 4)
        resp = self.client.post('/not/real/url/')
        resp = self.client.post(reverse('impersonate-test'))
        self.assertEqual(resp.status_code, 405)
        resp = self.client.get(reverse('impersonate-test'))
        self.assertEqual(resp.status_code, 200)
        resp = self.client.head(reverse('impersonate-test'))
        self.assertEqual(resp.status_code, 200)
        resp = self.client.options(reverse('impersonate-test'))
        self.assertEqual(resp.status_code, 200)
Peter Sanchez <peter@netlandish.com>
Details
Message ID
<20230220192410.qb6hscr4itonk57n@thinkpad>
In-Reply-To
<77c3932f8751d8457a92.1676804158@localhost.localdomain> (view parent)
DKIM signature
missing
Download raw message
1 year, 1 month ago 
Thanks! Applied here:

https://hg.code.netlandish.com/~petersanchez/django-impersonate/rev/77c3932f8751d8457a92596acb8b6a8ba2f73dbb
Reply to thread Export thread (mbox)