restrict /policy PATCH to non-themes (#22564)

Andrew Williamson 2024-08-12 17:18:48 +01:00 коммит произвёл GitHub
Родитель 7b723ad2a5
Коммит 83691aff3e
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
5 изменённых файлов: 45 добавлений и 8 удалений


@ -905,6 +905,9 @@ This endpoint allows an add-on's EULA and privacy policy to be edited.
.. note::
This API requires :doc:`authentication <auth>`, and for the user to be an author of the add-on.
.. note::
This API is not valid for themes - themes do not have EULA or privacy policies.
.. http:patch:: /api/v5/addons/addon/(int:id|string:slug|string:guid)/eula_policy/
:<json object|null eula: The EULA text (See :ref:`translated fields <api-overview-translations>`).


@ -472,6 +472,7 @@ These are `v5` specific changes - `v4` changes apply also.
* 2024-06-20: added ``illegal_category`` parameter to all /abuse/report/ endpoints. https://github.com/mozilla/addons/issues/14870
* 2024-06-20: added ``illegal_subcategory`` parameter to all /abuse/report/ endpoints. https://github.com/mozilla/addons/issues/14875
* 2024-08-08: added support for writing to add-on eula_policy endpoint. https://github.com/mozilla/addons/issues/14927
* 2024-08-22: restricted add-on eula_policy endpoint to non-themes only. https://github.com/mozilla/addons/issues/14937
.. _`#11380`: https://github.com/mozilla/addons-server/issues/11380/
.. _`#11379`: https://github.com/mozilla/addons-server/issues/11379/


@ -84,6 +84,7 @@ from .validators import (
CanSetCompatibilityValidator,
MatchingGuidValidator,
NoFallbackDefaultLocaleValidator,
NoThemesValidator,
ReviewedSourceFileValidator,
VerifyMozillaTrademark,
VersionAddonMetadataValidator,
@ -200,6 +201,7 @@ class PreviewSerializer(AMOModelSerializer):
'thumbnail_size',
'thumbnail_url',
)
validators = (NoThemesValidator(),)
def get_image_url(self, obj):
return absolutify(obj.image_url)
@ -214,13 +216,6 @@ class PreviewSerializer(AMOModelSerializer):
data.pop('position', None)
return data
def validate(self, data):
if self.context['view'].get_addon_object().type == amo.ADDON_STATICTHEME:
raise exceptions.ValidationError(
gettext('Previews cannot be created for themes.')
)
return data
def create(self, validated_data):
image = validated_data.pop('image')
instance = super().create(validated_data)
@ -838,6 +833,7 @@ class AddonEulaPolicySerializer(AMOModelSerializer):
'eula',
'privacy_policy',
)
validators = (NoThemesValidator(),)
def update(self, instance, validated_data):
instance = super().update(instance, validated_data)
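Review bot: If `validators = (NoThemesValidator(),)` sits inside `class Meta` on both PreviewSerializer and AddonEulaPolicySerializer (indentation is lost on this page, but each line directly follows the `fields` tuple), Django REST Framework's ModelSerializer uses that tuple instead of the validators it would otherwise derive from the model, not in addition to them. Any unique-together or unique-for-date check that was generated implicitly for these serializers would stop running, so it is worth confirming that neither model relies on one for the listed fields. A short comment next to each declaration would record that the replacement is deliberate, for example `# Meta.validators replaces DRF's model-derived validators; none apply to these fields.` The `update` method of AddonEulaPolicySerializer continues past the end of the hunk, so this is based only on the lines shown.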


@ -5211,6 +5211,28 @@ class TestAddonViewSetEulaPolicy(TestCase):
self.addon.reload()
assert self.addon.summary == original_summary
def test_update_on_theme(self):
user = UserProfile.objects.create(username='user')
self.addon.update(type=amo.ADDON_STATICTHEME)
AddonUser.objects.create(user=user, addon=self.addon)
self.client.login_api(user)
response = self.client.patch(
self.url,
{
'eula': {
'en-US': 'My Updated Add-on EULA in English',
'fr': 'Mes Conditions générales dutilisation',
},
'privacy_policy': {
'en-US': 'My privacy policy',
},
},
)
assert response.status_code == 400
assert response.json() == {
'non_field_errors': ['This endpoint is not valid for Themes.']
}
class TestAddonSearchView(ESTestCase):
client_class = APITestClientSessionID
@ -7239,7 +7261,7 @@ class TestAddonPreviewViewSet(TestCase):
)
assert response.status_code == 400, response.content
assert response.data == {
'non_field_errors': ['Previews cannot be created for themes.']
'non_field_errors': ['This endpoint is not valid for Themes.']
}
self.addon.reload()
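Review bot: `test_update_on_theme` checks only the 400 status and the error body, so it would still pass if the rejected PATCH had written the EULA or privacy policy before the error was returned. The preceding test in this class reloads the add-on and compares a stored value, and the same pattern fits here: capture the values before the request, then after the response add `self.addon.reload()` followed by `assert self.addon.eula == original_eula` and `assert self.addon.privacy_policy == original_privacy_policy`. That pins the restriction as "no write happened" rather than only "an error was reported".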


@ -316,3 +316,18 @@ class CanSetCompatibilityValidator:
)
}
)
class NoThemesValidator:
requires_context = True
def __call__(self, data, serializer):
addon = (
serializer.instance
if isinstance(serializer.instance, Addon)
else serializer.context['view'].get_addon_object()
)
if addon.type == amo.ADDON_STATICTHEME:
raise exceptions.ValidationError(
gettext('This endpoint is not valid for Themes.')
)