lgcosta/paperless-ngx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: dont enable create endpoint with PassUserMixin

Browse Source
This commit is contained in:
shamoon 2024-04-07 07:35:09 -07:00
parent 622fcf96a0
commit e269973209
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/documents/tests/test_api_documents.py
View File

@ -815,6 +815,14 @@ class TestDocumentApi(DirectoriesMixin, DocumentConsumeDelayMixin, APITestCase):
self.assertIsNone(overrides.document_type_id) self.assertIsNone(overrides.document_type_id)
self.assertIsNone(overrides.tag_ids) self.assertIsNone(overrides.tag_ids)
def test_create_wrong_endpoint(self):
response = self.client.post(
"/api/documents/",
{},
)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_upload_empty_metadata(self): def test_upload_empty_metadata(self):
self.consume_file_mock.return_value = celery.result.AsyncResult( self.consume_file_mock.return_value = celery.result.AsyncResult(
id=str(uuid.uuid4()), id=str(uuid.uuid4()),

10
src/documents/views.py
View File

@ -201,7 +201,7 @@ class IndexView(TemplateView):
return context return context
class PassUserMixin(CreateModelMixin): class PassUserMixin(GenericAPIView):
""" """
Pass a user object to serializer Pass a user object to serializer
""" """
@ -853,7 +853,7 @@ class LogViewSet(ViewSet):
return Response(exist) return Response(exist)
class SavedViewViewSet(ModelViewSet, PassUserMixin): class SavedViewViewSet(ModelViewSet, PassUserMixin, CreateModelMixin):
model = SavedView model = SavedView
queryset = SavedView.objects.all() queryset = SavedView.objects.all()
@ -873,7 +873,7 @@ class SavedViewViewSet(ModelViewSet, PassUserMixin):
serializer.save(owner=self.request.user) serializer.save(owner=self.request.user)
class BulkEditView(GenericAPIView, PassUserMixin): class BulkEditView(PassUserMixin, CreateModelMixin):
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated,)
serializer_class = BulkEditSerializer serializer_class = BulkEditSerializer
parser_classes = (parsers.JSONParser,) parser_classes = (parsers.JSONParser,)
@ -1450,7 +1450,7 @@ def serve_file(doc: Document, use_archive: bool, disposition: str):
return response return response
class BulkEditObjectsView(GenericAPIView, PassUserMixin): class BulkEditObjectsView(PassUserMixin, CreateModelMixin):
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated,)
serializer_class = BulkEditObjectsSerializer serializer_class = BulkEditObjectsSerializer
parser_classes = (parsers.JSONParser,) parser_classes = (parsers.JSONParser,)
@ -1582,7 +1582,7 @@ class CustomFieldViewSet(ModelViewSet):
queryset = CustomField.objects.all().order_by("-created") queryset = CustomField.objects.all().order_by("-created")
class SystemStatusView(GenericAPIView, PassUserMixin): class SystemStatusView(PassUserMixin):
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated,)
def get(self, request, format=None): def get(self, request, format=None):