changeset 7283:40fea9b37a32
admin: hooks: prevent editing of builtin hooks (issue #226)
Builtin hooks are supposed to be read-only, but it was still possible to
'add' a new hook with the same name as an existing built-in one, changing
its value.
author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
---|---|
date | Sun, 20 May 2018 22:29:40 +0200 |
parents | d612fd653562 |
children | 8e5450cd4686 |
files | kallithea/controllers/admin/settings.py kallithea/tests/functional/test_admin_settings.py |
diffstat | 2 files changed, 14 insertions(+), 0 deletions(-) [+] |
--- a/kallithea/controllers/admin/settings.py Sun May 20 22:23:52 2018 +0200
+++ b/kallithea/controllers/admin/settings.py Sun May 20 22:29:40 2018 +0200
@@ -353,6 +353,8 @@
 ui_key = ui_key and ui_key.strip()
 if ui_key in (x.ui_key for x in Ui.get_custom_hooks()):
 h.flash(_('Hook already exists'), category='error')
+ elif ui_key in (x.ui_key for x in Ui.get_builtin_hooks()):
+ h.flash(_('Builtin hooks are read-only. Please use another hook name.'), category='error')
 elif ui_value and ui_key:
 Ui.create_or_update_hook(ui_key, ui_value)
 h.flash(_('Added new hook'), category='success')
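Review bot: The read-only rule for builtin hooks is enforced only in this controller branch, so `Ui.create_or_update_hook(ui_key, ui_value)` will presumably still overwrite a builtin entry when reached from any other caller. The rest of the handler lies outside the hunk, so it cannot be confirmed here that the branch which updates existing hooks applies the same check. Hook values such as `hg update >&2` are commands run on the server, so the guard would be safer in the model: have `Ui.create_or_update_hook` refuse a key found in `Ui.get_builtin_hooks()`, and keep this `elif` only for the user-facing message. A comment such as `# builtin hooks are read-only; reject names that would overwrite them` above the new `elif` would also record why this check must come before the create branch.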
--- a/kallithea/tests/functional/test_admin_settings.py Sun May 20 22:23:52 2018 +0200
+++ b/kallithea/tests/functional/test_admin_settings.py Sun May 20 22:29:40 2018 +0200
@@ -88,6 +88,18 @@
 response.mustcontain(no=['test_hooks_2'])
 response.mustcontain(no=['cd %s2' % TESTS_TMP_PATH])
 
+ def test_add_existing_builtin_hook(self):
+ self.log_user()
+ response = self.app.post(url('admin_settings_hooks'),
+ params=dict(new_hook_ui_key='changegroup.update',
+ new_hook_ui_value='attempted_new_value',
+ _authentication_token=self.authentication_token()))
+
+ self.checkSessionFlash(response, 'Builtin hooks are read-only')
+ response = response.follow()
+ response.mustcontain('changegroup.update')
+ response.mustcontain('hg update >&2')
+
 def test_index_search(self):
 self.log_user()
 response = self.app.get(url('admin_settings_search'))
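Review bot: The new test never asserts that the rejected value was not stored; it only checks that the old value is still rendered. Adding `response.mustcontain(no=['attempted_new_value'])` after the `follow()` would pin that directly, in the same style as the `mustcontain(no=[...])` assertions just above. The controller strips the submitted key before comparing, so a second case that posts the builtin name with surrounding whitespace would cover that path as well. The enclosing test class starts outside this hunk.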