fix: update HTTP method requirements for borrar_producto and eliminar_direccion views to require POST only
+11
-1
@@ -6,4 +6,14 @@ venv
|
|||||||
.venv
|
.venv
|
||||||
db.sqlite3
|
db.sqlite3
|
||||||
static
|
static
|
||||||
media
|
media
|
||||||
|
docs
|
||||||
|
logs
|
||||||
|
staticfiles
|
||||||
|
.gitignore
|
||||||
|
AGENTS.md
|
||||||
|
Dockerfile
|
||||||
|
Makefile
|
||||||
|
nginx.conf
|
||||||
|
Procfile
|
||||||
|
uv.lock
|
||||||
+19
-3
@@ -4,18 +4,34 @@ ENV PYTHONDONTWRITEBYTECODE=1
|
|||||||
ENV PYTHONUNBUFFERED=1
|
ENV PYTHONUNBUFFERED=1
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY pyproject.toml uv.lock /app/
|
COPY pyproject.toml uv.lock /app/
|
||||||
|
|
||||||
RUN apk --no-cache update && apk --no-cache upgrade \
|
RUN apk --no-cache update \
|
||||||
|
&& apk --no-cache upgrade \
|
||||||
|
&& apk --no-cache add \
|
||||||
|
build-base \
|
||||||
|
freetype-dev \
|
||||||
|
jpeg-dev \
|
||||||
|
zlib-dev \
|
||||||
&& pip install --no-cache-dir uv \
|
&& pip install --no-cache-dir uv \
|
||||||
&& uv sync --no-dev --no-install-project # Install only dependencies, not the local project package
|
&& uv sync --no-dev --no-install-project # Install only dependencies, not the local project package
|
||||||
|
|
||||||
COPY . /app/
|
COPY ./entrypoint.sh /app/entrypoint.sh
|
||||||
RUN chmod +x /app/entrypoint.sh
|
RUN chmod +x /app/entrypoint.sh
|
||||||
|
|
||||||
|
COPY ./proyecto /app/proyecto
|
||||||
|
COPY ./tienda /app/tienda
|
||||||
|
COPY ./manage.py /app/manage.py
|
||||||
|
|
||||||
|
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
RUN mkdir -pv /fonts
|
RUN mkdir -pv /fonts
|
||||||
COPY tienda/static/fonts/ /fonts/
|
COPY tienda/static/fonts/ /fonts/
|
||||||
|
|
||||||
|
RUN addgroup -S app \
|
||||||
|
&& adduser -S app -G app \
|
||||||
|
&& chown -R app:app /app /fonts
|
||||||
|
|
||||||
|
USER app
|
||||||
|
|
||||||
ENTRYPOINT ["/bin/sh", "/app/entrypoint.sh"]
|
ENTRYPOINT ["/bin/sh", "/app/entrypoint.sh"]
|
||||||
|
|||||||
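Review bot: `chown -R app:app /app /fonts` makes the copied application code writable by the account the container runs as, along with the dependency environment that `uv sync` presumably creates under /app. A compromised worker process could then rewrite the code it executes. Leaving the sources owned by root and chowning only the directories the app must write to at runtime would keep the non-root user useful as a boundary; which directories those are is not visible in this hunk. Separately, `build-base` and the `-dev` packages remain in the final image. Installing them with `apk add --no-cache --virtual .build-deps ...` and deleting that group after `uv sync`, while keeping the runtime libraries, or building in a separate stage, would reduce what ships.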
+2
-2
@@ -1786,7 +1786,7 @@ class EndpointViewTests(TestCase):
|
|||||||
self.assertTrue(OrderMessage.objects.filter(order_item=item, sender=self.seller).exists())
|
self.assertTrue(OrderMessage.objects.filter(order_item=item, sender=self.seller).exists())
|
||||||
|
|
||||||
delete_get = self.client.get(reverse("borrar_producto", args=[created.id]))
|
delete_get = self.client.get(reverse("borrar_producto", args=[created.id]))
|
||||||
self.assertEqual(delete_get.status_code, 302)
|
self.assertEqual(delete_get.status_code, 405)
|
||||||
delete_post = self.client.post(reverse("borrar_producto", args=[created.id]))
|
delete_post = self.client.post(reverse("borrar_producto", args=[created.id]))
|
||||||
self.assertEqual(delete_post.status_code, 302)
|
self.assertEqual(delete_post.status_code, 302)
|
||||||
self.assertFalse(Product.objects.filter(id=created.id).exists())
|
self.assertFalse(Product.objects.filter(id=created.id).exists())
|
||||||
@@ -2068,7 +2068,7 @@ class EndpointViewTests(TestCase):
|
|||||||
self.assertEqual(new_address.full_name, "Comprador Dos Editado")
|
self.assertEqual(new_address.full_name, "Comprador Dos Editado")
|
||||||
|
|
||||||
delete_get = self.client.get(reverse("eliminar_direccion", args=[new_address.id]))
|
delete_get = self.client.get(reverse("eliminar_direccion", args=[new_address.id]))
|
||||||
self.assertEqual(delete_get.status_code, 302)
|
self.assertEqual(delete_get.status_code, 405)
|
||||||
delete_post = self.client.post(reverse("eliminar_direccion", args=[new_address.id]))
|
delete_post = self.client.post(reverse("eliminar_direccion", args=[new_address.id]))
|
||||||
self.assertEqual(delete_post.status_code, 302)
|
self.assertEqual(delete_post.status_code, 302)
|
||||||
self.assertFalse(ShippingAddress.objects.filter(id=new_address.id).exists())
|
self.assertFalse(ShippingAddress.objects.filter(id=new_address.id).exists())
|
||||||
|
|||||||
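Review bot: After the GET that now expects 405, neither test asserts explicitly that the object still exists, so the status code is pinned but "a GET leaves the data untouched" is only implied by the later POST succeeding. Adding `self.assertTrue(Product.objects.filter(id=created.id).exists())` directly after the `borrar_producto` GET check would state that guarantee. The `eliminar_direccion` hunk needs the matching line, `self.assertTrue(ShippingAddress.objects.filter(id=new_address.id).exists())`. Both test methods begin and end outside the visible hunks.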
+2
-5
@@ -1030,7 +1030,7 @@ def editar_producto(request: HttpRequest, id: int):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@require_http_methods(["GET", "POST"])
|
@require_POST
|
||||||
def borrar_producto(request: HttpRequest, id: int):
|
def borrar_producto(request: HttpRequest, id: int):
|
||||||
"""Borra un producto del usuario autenticado"""
|
"""Borra un producto del usuario autenticado"""
|
||||||
|
|
||||||
@@ -2191,12 +2191,9 @@ def editar_direccion(request: HttpRequest, id: int):
|
|||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@require_http_methods(["GET", "POST"])
|
@require_POST
|
||||||
def eliminar_direccion(request: HttpRequest, id: int):
|
def eliminar_direccion(request: HttpRequest, id: int):
|
||||||
"""Elimina una dirección de entrega"""
|
"""Elimina una dirección de entrega"""
|
||||||
if request.method != "POST":
|
|
||||||
messages.error(request, "Acción no permitida.")
|
|
||||||
return redirect("direcciones_usuario")
|
|
||||||
|
|
||||||
direccion = get_object_or_404(ShippingAddress, id=id, user=request.user)
|
direccion = get_object_or_404(ShippingAddress, id=id, user=request.user)
|
||||||
direccion.delete()
|
direccion.delete()
|
||||||
|
|||||||
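Review bot: The body of `borrar_producto` lies outside the hunk, so it is not visible whether its lookup is scoped to the owner the way `eliminar_direccion` scopes its own with `get_object_or_404(ShippingAddress, id=id, user=request.user)`. Confirm this before relying on the decorator change alone. The section's +2 is fully accounted for by the two `@require_POST` lines, so no import was added here and `require_POST` must already be imported from `django.views.decorators.http` in this module. Any template that reached these URLs through a plain link now has to submit a POST form carrying the CSRF token; no template change is visible in this commit. Both docstrings could also state that the view accepts POST only, for example `"""Elimina una dirección de entrega (solo POST)"""`.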