paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

hotspots: Prevent bot users from accessing endpoint.

Browse Source
This commit is contained in:
Tim Abbott
2017-07-31 11:28:15 -07:00
parent 6a3c8ca2c5
commit 93261e14b7
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
zerver/tests/test_decorators.py
View File

@@ -1016,6 +1016,7 @@ class TestHumanUsersOnlyDecorator(ZulipTestCase):
"/api/v1/users/me/presence",
"/api/v1/users/me/apns_device_token",
"/api/v1/users/me/android_gcm_reg_id",
"/api/v1/users/me/hotspots",
]
for endpoint in post_endpoints:
result = self.client_post(endpoint, **self.api_auth('default-bot@zulip.com'))

3
zerver/views/hotspots.py
View File

@@ -1,13 +1,14 @@
from django.http import HttpRequest, HttpResponse
from django.utils.translation import ugettext as _
from zerver.decorator import has_request_variables, REQ
from zerver.decorator import has_request_variables, REQ, human_users_only
from zerver.lib.actions import do_mark_hotspot_as_read
from zerver.lib.hotspots import ALL_HOTSPOTS
from zerver.lib.response import json_error, json_success
from zerver.lib.validator import check_string
from zerver.models import UserProfile
@human_users_only
@has_request_variables
def mark_hotspot_as_read(request, user, hotspot=REQ(validator=check_string)):
# type: (HttpRequest, UserProfile, str) -> HttpResponse