marcel/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2025-08-07 10:58:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent bookmark actions through get requests

Browse Source
This commit is contained in:
Sascha Ißbrücker
2022-03-27 10:56:09 +02:00
parent 10e5861f01
commit eca98a13f5
11 changed files with 109 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bookmarks/static/shared.js
View File

@@ -19,6 +19,7 @@
if (buttonEl.nodeName === 'BUTTON') { if (buttonEl.nodeName === 'BUTTON') {
confirmEl.type = buttonEl.type; confirmEl.type = buttonEl.type;
confirmEl.name = buttonEl.name; confirmEl.name = buttonEl.name;
confirmEl.value = buttonEl.value;
} }
if (buttonEl.nodeName === 'A') { if (buttonEl.nodeName === 'A') {
confirmEl.href = buttonEl.href; confirmEl.href = buttonEl.href;

4
bookmarks/styles/bookmarks.scss
View File

@@ -153,13 +153,13 @@ ul.bookmark-list {
} }
} }
/* Bulk edit */ /* Bookmark actions / bulk edit */
$bulk-edit-toggle-width: 16px; $bulk-edit-toggle-width: 16px;
$bulk-edit-toggle-offset: 8px; $bulk-edit-toggle-offset: 8px;
$bulk-edit-bar-offset: $bulk-edit-toggle-width + (2 * $bulk-edit-toggle-offset); $bulk-edit-bar-offset: $bulk-edit-toggle-width + (2 * $bulk-edit-toggle-offset);
$bulk-edit-transition-duration: 400ms; $bulk-edit-transition-duration: 400ms;
.bulk-edit-form { .bookmarks-page form.bookmark-actions {
.bulk-edit-bar { .bulk-edit-bar {
margin-top: -17px; margin-top: -17px;

2
bookmarks/templates/bookmarks/archive.html
View File

@@ -18,7 +18,7 @@
{% include 'bookmarks/bulk_edit/toggle.html' %} {% include 'bookmarks/bulk_edit/toggle.html' %}
</div> </div>
<form class="bulk-edit-form" action="{% url 'bookmarks:bulk_edit' %}?return_url={{ return_url }}" <form class="bookmark-actions" action="{% url 'bookmarks:action' %}?return_url={{ return_url }}"
method="post"> method="post">
{% csrf_token %} {% csrf_token %}
{% include 'bookmarks/bulk_edit/bar.html' with mode='archive' %} {% include 'bookmarks/bulk_edit/bar.html' with mode='archive' %}

12
bookmarks/templates/bookmarks/bookmark_list.html
View File

@@ -57,14 +57,14 @@
<a href="{% url 'bookmarks:edit' bookmark.id %}?return_url={{ return_url }}" <a href="{% url 'bookmarks:edit' bookmark.id %}?return_url={{ return_url }}"
class="btn btn-link btn-sm">Edit</a> class="btn btn-link btn-sm">Edit</a>
{% if bookmark.is_archived %} {% if bookmark.is_archived %}
<a href="{% url 'bookmarks:unarchive' bookmark.id %}?return_url={{ return_url }}" <button type="submit" name="unarchive" value="{{ bookmark.id }}"
class="btn btn-link btn-sm">Unarchive</a> class="btn btn-link btn-sm">Unarchive</button>
{% else %} {% else %}
<a href="{% url 'bookmarks:archive' bookmark.id %}?return_url={{ return_url }}" <button type="submit" name="archive" value="{{ bookmark.id }}"
class="btn btn-link btn-sm">Archive</a> class="btn btn-link btn-sm">Archive</button>
{% endif %} {% endif %}
<a href="{% url 'bookmarks:remove' bookmark.id %}?return_url={{ return_url }}" <button type="submit" name="remove" value="{{ bookmark.id }}"
class="btn btn-link btn-sm btn-confirmation">Remove</a> class="btn btn-link btn-sm btn-confirmation">Remove</button>
</div> </div>
</li> </li>
{% endfor %} {% endfor %}

2
bookmarks/templates/bookmarks/index.html
View File

@@ -18,7 +18,7 @@
{% include 'bookmarks/bulk_edit/toggle.html' %} {% include 'bookmarks/bulk_edit/toggle.html' %}
</div> </div>
<form class="bulk-edit-form" action="{% url 'bookmarks:bulk_edit' %}?return_url={{ return_url }}" <form class="bookmark-actions" action="{% url 'bookmarks:action' %}?return_url={{ return_url }}"
method="post"> method="post">
{% csrf_token %} {% csrf_token %}
{% include 'bookmarks/bulk_edit/bar.html' with mode='default' %} {% include 'bookmarks/bulk_edit/bar.html' with mode='default' %}

104
bookmarks/tests/test_bookmark_bulk_edit_view.py → bookmarks/tests/test_bookmark_action_view.py
View File

@@ -7,7 +7,7 @@ from bookmarks.models import Bookmark
from bookmarks.tests.helpers import BookmarkFactoryMixin from bookmarks.tests.helpers import BookmarkFactoryMixin
class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin): class BookmarkActionViewTestCase(TestCase, BookmarkFactoryMixin):
def setUp(self) -> None: def setUp(self) -> None:
user = self.get_or_create_test_user() user = self.get_or_create_test_user()
@@ -19,12 +19,78 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
for bookmark in bookmarks: for bookmark in bookmarks:
self.assertEqual(model_to_dict(bookmark), model_to_dict(Bookmark.objects.get(id=bookmark.id))) self.assertEqual(model_to_dict(bookmark), model_to_dict(Bookmark.objects.get(id=bookmark.id)))
def test_archive_should_archive_bookmark(self):
bookmark = self.setup_bookmark()
self.client.post(reverse('bookmarks:action'), {
'archive': [bookmark.id],
})
bookmark.refresh_from_db()
self.assertTrue(bookmark.is_archived)
def test_can_only_archive_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(user=other_user)
response = self.client.post(reverse('bookmarks:action'), {
'archive': [bookmark.id],
})
bookmark.refresh_from_db()
self.assertEqual(response.status_code, 404)
self.assertFalse(bookmark.is_archived)
def test_unarchive_should_unarchive_bookmark(self):
bookmark = self.setup_bookmark(is_archived=True)
self.client.post(reverse('bookmarks:action'), {
'unarchive': [bookmark.id],
})
bookmark.refresh_from_db()
self.assertFalse(bookmark.is_archived)
def test_unarchive_can_only_archive_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(is_archived=True, user=other_user)
response = self.client.post(reverse('bookmarks:action'), {
'unarchive': [bookmark.id],
})
bookmark.refresh_from_db()
self.assertEqual(response.status_code, 404)
self.assertTrue(bookmark.is_archived)
def test_delete_should_delete_bookmark(self):
bookmark = self.setup_bookmark()
self.client.post(reverse('bookmarks:action'), {
'remove': [bookmark.id],
})
self.assertEqual(Bookmark.objects.count(), 0)
def test_delete_can_only_delete_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(user=other_user)
response = self.client.post(reverse('bookmarks:action'), {
'remove': [bookmark.id],
})
self.assertEqual(response.status_code, 404)
self.assertTrue(Bookmark.objects.filter(id=bookmark.id).exists())
def test_bulk_archive(self): def test_bulk_archive(self):
bookmark1 = self.setup_bookmark() bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_archive': [''], 'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -39,7 +105,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(user=other_user) bookmark2 = self.setup_bookmark(user=other_user)
bookmark3 = self.setup_bookmark(user=other_user) bookmark3 = self.setup_bookmark(user=other_user)
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_archive': [''], 'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -53,7 +119,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(is_archived=True) bookmark2 = self.setup_bookmark(is_archived=True)
bookmark3 = self.setup_bookmark(is_archived=True) bookmark3 = self.setup_bookmark(is_archived=True)
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_unarchive': [''], 'bulk_unarchive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -68,7 +134,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(is_archived=True, user=other_user) bookmark2 = self.setup_bookmark(is_archived=True, user=other_user)
bookmark3 = self.setup_bookmark(is_archived=True, user=other_user) bookmark3 = self.setup_bookmark(is_archived=True, user=other_user)
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_unarchive': [''], 'bulk_unarchive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -82,7 +148,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_delete': [''], 'bulk_delete': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -97,7 +163,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(user=other_user) bookmark2 = self.setup_bookmark(user=other_user)
bookmark3 = self.setup_bookmark(user=other_user) bookmark3 = self.setup_bookmark(user=other_user)
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_delete': [''], 'bulk_delete': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
@@ -113,7 +179,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
tag1 = self.setup_tag() tag1 = self.setup_tag()
tag2 = self.setup_tag() tag2 = self.setup_tag()
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_tag': [''], 'bulk_tag': [''],
'bulk_tag_string': [f'{tag1.name} {tag2.name}'], 'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
@@ -135,7 +201,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
tag1 = self.setup_tag() tag1 = self.setup_tag()
tag2 = self.setup_tag() tag2 = self.setup_tag()
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_tag': [''], 'bulk_tag': [''],
'bulk_tag_string': [f'{tag1.name} {tag2.name}'], 'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
@@ -156,7 +222,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(tags=[tag1, tag2]) bookmark2 = self.setup_bookmark(tags=[tag1, tag2])
bookmark3 = self.setup_bookmark(tags=[tag1, tag2]) bookmark3 = self.setup_bookmark(tags=[tag1, tag2])
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_untag': [''], 'bulk_untag': [''],
'bulk_tag_string': [f'{tag1.name} {tag2.name}'], 'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
@@ -178,7 +244,7 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark(tags=[tag1, tag2], user=other_user) bookmark2 = self.setup_bookmark(tags=[tag1, tag2], user=other_user)
bookmark3 = self.setup_bookmark(tags=[tag1, tag2], user=other_user) bookmark3 = self.setup_bookmark(tags=[tag1, tag2], user=other_user)
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bulk_untag': [''], 'bulk_untag': [''],
'bulk_tag_string': [f'{tag1.name} {tag2.name}'], 'bulk_tag_string': [f'{tag1.name} {tag2.name}'],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
@@ -192,17 +258,17 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
self.assertCountEqual(bookmark2.tags.all(), [tag1, tag2]) self.assertCountEqual(bookmark2.tags.all(), [tag1, tag2])
self.assertCountEqual(bookmark3.tags.all(), [tag1, tag2]) self.assertCountEqual(bookmark3.tags.all(), [tag1, tag2])
def test_bulk_edit_handles_empty_bookmark_id(self): def test_handles_empty_bookmark_id(self):
bookmark1 = self.setup_bookmark() bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
response = self.client.post(reverse('bookmarks:bulk_edit'), { response = self.client.post(reverse('bookmarks:action'), {
'bulk_archive': [''], 'bulk_archive': [''],
}) })
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
response = self.client.post(reverse('bookmarks:bulk_edit'), { response = self.client.post(reverse('bookmarks:action'), {
'bulk_archive': [''], 'bulk_archive': [''],
'bookmark_id': [], 'bookmark_id': [],
}) })
@@ -215,18 +281,18 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
self.client.post(reverse('bookmarks:bulk_edit'), { self.client.post(reverse('bookmarks:action'), {
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
}) })
self.assertBookmarksAreUnmodified([bookmark1, bookmark2, bookmark3]) self.assertBookmarksAreUnmodified([bookmark1, bookmark2, bookmark3])
def test_bulk_edit_should_redirect_to_return_url(self): def test_should_redirect_to_return_url(self):
bookmark1 = self.setup_bookmark() bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
url = reverse('bookmarks:bulk_edit') + '?return_url=' + reverse('bookmarks:settings.index') url = reverse('bookmarks:action') + '?return_url=' + reverse('bookmarks:settings.index')
response = self.client.post(url, { response = self.client.post(url, {
'bulk_archive': [''], 'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
@@ -234,12 +300,12 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
self.assertRedirects(response, reverse('bookmarks:settings.index')) self.assertRedirects(response, reverse('bookmarks:settings.index'))
def test_bulk_edit_should_not_redirect_to_external_url(self): def test_should_not_redirect_to_external_url(self):
bookmark1 = self.setup_bookmark() bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark() bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark() bookmark3 = self.setup_bookmark()
url = reverse('bookmarks:bulk_edit') + '?return_url=https://example.com' url = reverse('bookmarks:action') + '?return_url=https://example.com'
response = self.client.post(url, { response = self.client.post(url, {
'bulk_archive': [''], 'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)], 'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],

55
bookmarks/tests/test_bookmark_archive_view.py
View File

@@ -1,55 +0,0 @@
from django.contrib.auth.models import User
from django.test import TestCase
from django.urls import reverse
from bookmarks.tests.helpers import BookmarkFactoryMixin
class BookmarkArchiveViewTestCase(TestCase, BookmarkFactoryMixin):
def setUp(self) -> None:
user = self.get_or_create_test_user()
self.client.force_login(user)
def test_should_archive_bookmark(self):
bookmark = self.setup_bookmark()
self.client.get(reverse('bookmarks:archive', args=[bookmark.id]))
bookmark.refresh_from_db()
self.assertTrue(bookmark.is_archived)
def test_should_redirect_to_index(self):
bookmark = self.setup_bookmark()
response = self.client.get(reverse('bookmarks:archive', args=[bookmark.id]))
self.assertRedirects(response, reverse('bookmarks:index'))
def test_should_redirect_to_return_url_when_specified(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:archive', args=[bookmark.id]) + '?return_url=' + reverse('bookmarks:close')
)
self.assertRedirects(response, reverse('bookmarks:close'))
def test_can_only_archive_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(user=other_user)
response = self.client.get(reverse('bookmarks:archive', args=[bookmark.id]))
bookmark.refresh_from_db()
self.assertEqual(response.status_code, 404)
self.assertFalse(bookmark.is_archived)
def test_should_not_redirect_to_external_url(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:archive', args=[bookmark.id]) + '?return_url=https://example.com'
)
self.assertRedirects(response, reverse('bookmarks:index'))

54
bookmarks/tests/test_bookmark_remove_view.py
View File

@@ -1,54 +0,0 @@
from django.contrib.auth.models import User
from django.test import TestCase
from django.urls import reverse
from bookmarks.models import Bookmark
from bookmarks.tests.helpers import BookmarkFactoryMixin
class BookmarkRemoveViewTestCase(TestCase, BookmarkFactoryMixin):
def setUp(self) -> None:
user = self.get_or_create_test_user()
self.client.force_login(user)
def test_should_delete_bookmark(self):
bookmark = self.setup_bookmark()
self.client.get(reverse('bookmarks:remove', args=[bookmark.id]))
self.assertEqual(Bookmark.objects.count(), 0)
def test_should_redirect_to_index(self):
bookmark = self.setup_bookmark()
response = self.client.get(reverse('bookmarks:remove', args=[bookmark.id]))
self.assertRedirects(response, reverse('bookmarks:index'))
def test_should_redirect_to_return_url_when_specified(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:remove', args=[bookmark.id]) + '?return_url=' + reverse('bookmarks:close')
)
self.assertRedirects(response, reverse('bookmarks:close'))
def test_should_not_redirect_to_external_url(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:remove', args=[bookmark.id]) + '?return_url=https://example.com'
)
self.assertRedirects(response, reverse('bookmarks:index'))
def test_can_only_edit_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(user=other_user)
response = self.client.get(reverse('bookmarks:remove', args=[bookmark.id]))
self.assertEqual(response.status_code, 404)
self.assertTrue(Bookmark.objects.filter(id=bookmark.id).exists())

55
bookmarks/tests/test_bookmark_unarchive_view.py
View File

@@ -1,55 +0,0 @@
from django.contrib.auth.models import User
from django.test import TestCase
from django.urls import reverse
from bookmarks.tests.helpers import BookmarkFactoryMixin
class BookmarkUnarchiveViewTestCase(TestCase, BookmarkFactoryMixin):
def setUp(self) -> None:
user = self.get_or_create_test_user()
self.client.force_login(user)
def test_should_unarchive_bookmark(self):
bookmark = self.setup_bookmark(is_archived=True)
self.client.get(reverse('bookmarks:unarchive', args=[bookmark.id]))
bookmark.refresh_from_db()
self.assertFalse(bookmark.is_archived)
def test_should_redirect_to_archive(self):
bookmark = self.setup_bookmark()
response = self.client.get(reverse('bookmarks:unarchive', args=[bookmark.id]))
self.assertRedirects(response, reverse('bookmarks:archived'))
def test_should_redirect_to_return_url_when_specified(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:unarchive', args=[bookmark.id]) + '?return_url=' + reverse('bookmarks:close')
)
self.assertRedirects(response, reverse('bookmarks:close'))
def test_should_not_redirect_to_external_url(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:unarchive', args=[bookmark.id]) + '?return_url=https://example.com'
)
self.assertRedirects(response, reverse('bookmarks:archived'))
def test_can_only_archive_own_bookmarks(self):
other_user = User.objects.create_user('otheruser', 'otheruser@example.com', 'password123')
bookmark = self.setup_bookmark(is_archived=True, user=other_user)
response = self.client.get(reverse('bookmarks:unarchive', args=[bookmark.id]))
bookmark.refresh_from_db()
self.assertEqual(response.status_code, 404)
self.assertTrue(bookmark.is_archived)

5
bookmarks/urls.py
View File

@@ -15,10 +15,7 @@ urlpatterns = [
path('bookmarks/new', views.bookmarks.new, name='new'), path('bookmarks/new', views.bookmarks.new, name='new'),
path('bookmarks/close', views.bookmarks.close, name='close'), path('bookmarks/close', views.bookmarks.close, name='close'),
path('bookmarks/<int:bookmark_id>/edit', views.bookmarks.edit, name='edit'), path('bookmarks/<int:bookmark_id>/edit', views.bookmarks.edit, name='edit'),
path('bookmarks/<int:bookmark_id>/remove', views.bookmarks.remove, name='remove'), path('bookmarks/action', views.bookmarks.action, name='action'),
path('bookmarks/<int:bookmark_id>/archive', views.bookmarks.archive, name='archive'),
path('bookmarks/<int:bookmark_id>/unarchive', views.bookmarks.unarchive, name='unarchive'),
path('bookmarks/bulkedit', views.bookmarks.bulk_edit, name='bulk_edit'),
# Settings # Settings
path('settings', views.settings.general, name='settings.index'), path('settings', views.settings.general, name='settings.index'),
path('settings/general', views.settings.general, name='settings.general'), path('settings/general', views.settings.general, name='settings.general'),

24
bookmarks/views/bookmarks.py
View File

@@ -135,7 +135,6 @@ def edit(request, bookmark_id: int):
return render(request, 'bookmarks/edit.html', context) return render(request, 'bookmarks/edit.html', context)
@login_required
def remove(request, bookmark_id: int): def remove(request, bookmark_id: int):
try: try:
bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user) bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
@@ -143,11 +142,8 @@ def remove(request, bookmark_id: int):
raise Http404('Bookmark does not exist') raise Http404('Bookmark does not exist')
bookmark.delete() bookmark.delete()
return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
return HttpResponseRedirect(return_url)
@login_required
def archive(request, bookmark_id: int): def archive(request, bookmark_id: int):
try: try:
bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user) bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
@@ -155,11 +151,8 @@ def archive(request, bookmark_id: int):
raise Http404('Bookmark does not exist') raise Http404('Bookmark does not exist')
archive_bookmark(bookmark) archive_bookmark(bookmark)
return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:index'))
return HttpResponseRedirect(return_url)
@login_required
def unarchive(request, bookmark_id: int): def unarchive(request, bookmark_id: int):
try: try:
bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user) bookmark = Bookmark.objects.get(pk=bookmark_id, owner=request.user)
@@ -167,25 +160,32 @@ def unarchive(request, bookmark_id: int):
raise Http404('Bookmark does not exist') raise Http404('Bookmark does not exist')
unarchive_bookmark(bookmark) unarchive_bookmark(bookmark)
return_url = get_safe_return_url(request.GET.get('return_url'), reverse('bookmarks:archived'))
return HttpResponseRedirect(return_url)
@login_required @login_required
def bulk_edit(request): def action(request):
bookmark_ids = request.POST.getlist('bookmark_id')
# Determine action # Determine action
if 'archive' in request.POST:
archive(request, request.POST['archive'])
if 'unarchive' in request.POST:
unarchive(request, request.POST['unarchive'])
if 'remove' in request.POST:
remove(request, request.POST['remove'])
if 'bulk_archive' in request.POST: if 'bulk_archive' in request.POST:
bookmark_ids = request.POST.getlist('bookmark_id')
archive_bookmarks(bookmark_ids, request.user) archive_bookmarks(bookmark_ids, request.user)
if 'bulk_unarchive' in request.POST: if 'bulk_unarchive' in request.POST:
bookmark_ids = request.POST.getlist('bookmark_id')
unarchive_bookmarks(bookmark_ids, request.user) unarchive_bookmarks(bookmark_ids, request.user)
if 'bulk_delete' in request.POST: if 'bulk_delete' in request.POST:
bookmark_ids = request.POST.getlist('bookmark_id')
delete_bookmarks(bookmark_ids, request.user) delete_bookmarks(bookmark_ids, request.user)
if 'bulk_tag' in request.POST: if 'bulk_tag' in request.POST:
bookmark_ids = request.POST.getlist('bookmark_id')
tag_string = convert_tag_string(request.POST['bulk_tag_string']) tag_string = convert_tag_string(request.POST['bulk_tag_string'])
tag_bookmarks(bookmark_ids, tag_string, request.user) tag_bookmarks(bookmark_ids, tag_string, request.user)
if 'bulk_untag' in request.POST: if 'bulk_untag' in request.POST:
bookmark_ids = request.POST.getlist('bookmark_id')
tag_string = convert_tag_string(request.POST['bulk_tag_string']) tag_string = convert_tag_string(request.POST['bulk_tag_string'])
untag_bookmarks(bookmark_ids, tag_string, request.user) untag_bookmarks(bookmark_ids, tag_string, request.user)