Skip to content

Commit

Permalink
Merge pull request #192 from datosgobar/183-analytics-fix
Browse files Browse the repository at this point in the history
No guardo accesos al panel de admin en analytics
  • Loading branch information
lucaslavandeira authored Feb 19, 2018
2 parents e41c735 + 973b4fe commit 69e8a5e
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
15 changes: 15 additions & 0 deletions series_tiempo_ar_api/apps/analytics/tests.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
#! coding: utf-8
import json
import copy

from django.test import TestCase
from django.urls import reverse
Expand Down Expand Up @@ -45,11 +46,13 @@ class AnalyticsViewTests(TestCase):
}

def test_view_valid_body(self):
count_before = Query.objects.count()
response = self.client.post(reverse('analytics:save'),
json.dumps(self.body),
content_type="application/json")

self.assertEqual(response.status_code, 200)
self.assertEqual(Query.objects.count(), count_before + 1)

def test_view_invalid_method(self):
response = self.client.put(reverse('analytics:save'),
Expand All @@ -64,3 +67,15 @@ def test_view_empty_body(self):
content_type='application/json')

self.assertEqual(response.status_code, 400)

def test_admin_call_not_logged(self):
body = copy.deepcopy(self.body)
body['request']['uri'] = 'admin/api/dataset/12'
count_before = Query.objects.count()
response = self.client.post(reverse('analytics:save'),
json.dumps(body),
content_type="application/json")
self.assertEqual(response.status_code, 200)

# Count unchanged
self.assertEqual(Query.objects.count(), count_before)
3 changes: 2 additions & 1 deletion series_tiempo_ar_api/apps/analytics/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ def save(request):
if not req_data: # Fatal error
return HttpResponse(status=400)

if 'api/' not in req_data.get('uri'):
uri = req_data.get('uri')
if 'admin/' in uri or 'api/' not in uri:
return HttpResponse()

params = req_data.get('querystring')
Expand Down

0 comments on commit 69e8a5e

Please sign in to comment.