Fix bookmark access restrictions

Sascha Ißbrücker
2022-03-22 02:24:21 +01:00
parent 66995cfab2
commit 1ffc3e0266
6 changed files with 156 additions and 7 deletions


@@ -1,3 +1,4 @@
from django.contrib.auth.models import User
from django.test import TestCase
from django.urls import reverse
@@ -95,3 +96,14 @@ class BookmarkEditViewTestCase(TestCase, BookmarkFactoryMixin):
response = self.client.post(reverse('bookmarks:edit', args=[bookmark.id]), form_data)
self.assertRedirects(response, form_data['return_url'])
def test_can_only_edit_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(user=other_user)
form_data = self.create_form_data({'id': bookmark.id})
response = self.client.post(reverse('bookmarks:edit', args=[bookmark.id]), form_data)
bookmark.refresh_from_db()
self.assertNotEqual(bookmark.url, form_data['url'])
self.assertEqual(response.status_code, 404)
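Review bot: `test_can_only_edit_own_bookmarks` covers only the POST path, so a regression that lets another user's edit page be fetched with GET would not be caught; the edit view is not shown in this section, but if it renders the form pre-filled, that is a read of someone else's bookmark. I would add a GET assertion next to the POST one: `response = self.client.get(reverse('bookmarks:edit', args=[bookmark.id]))` followed by `self.assertEqual(response.status_code, 404)`. The test also relies on `self.client` being logged in as a user other than `otheruser`, which presumably happens in a `setUp` outside the hunk; a short comment such as `# client is authenticated as the default test user, not the bookmark owner` would make the ownership premise explicit. The enclosing class starts outside the visible lines.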