mirror of
https://github.com/ansible/awx.git
synced 2024-10-30 22:21:13 +03:00
Prevent search on the NotificationTemplate.notification_configuration field
This commit is contained in:
parent
640e5391f3
commit
1a7148dc80
@ -17,7 +17,7 @@ from jinja2.exceptions import TemplateSyntaxError, UndefinedError, SecurityError
|
||||
|
||||
# AWX
|
||||
from awx.api.versioning import reverse
|
||||
from awx.main.models.base import CommonModelNameNotUnique, CreatedModifiedModel
|
||||
from awx.main.models.base import CommonModelNameNotUnique, CreatedModifiedModel, prevent_search
|
||||
from awx.main.utils import encrypt_field, decrypt_field, set_environ
|
||||
from awx.main.notifications.email_backend import CustomEmailBackend
|
||||
from awx.main.notifications.slack_backend import SlackBackend
|
||||
@ -70,7 +70,7 @@ class NotificationTemplate(CommonModelNameNotUnique):
|
||||
choices=NOTIFICATION_TYPE_CHOICES,
|
||||
)
|
||||
|
||||
notification_configuration = JSONField(blank=False)
|
||||
notification_configuration = prevent_search(JSONField(blank=False))
|
||||
|
||||
def default_messages():
|
||||
return {'started': None, 'success': None, 'error': None}
|
||||
|
@ -127,3 +127,11 @@ def test_post_wfjt_running_notification(get, post, admin, notification_template,
|
||||
response = get(url, admin)
|
||||
assert response.status_code == 200
|
||||
assert len(response.data['results']) == 1
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_search_on_notification_configuration_is_prevented(get, admin):
|
||||
url = reverse('api:notification_template_list')
|
||||
response = get(url, {'notification_configuration__regex': 'ABCDEF'}, admin)
|
||||
assert response.status_code == 403
|
||||
assert response.data == {"detail": "Filtering on notification_configuration is not allowed."}
|
||||
|
Loading…
Reference in New Issue
Block a user