Use POST for timer stop and restart operations

This commit is contained in:
Christopher C. Wells 2021-07-31 13:11:21 -07:00
parent 4673c2b8bd
commit c2513ff843
3 changed files with 23 additions and 13 deletions

View File

@ -60,30 +60,32 @@
</a> </a>
{% endif %} {% endif %}
<div class="btn-group btn-group-lg center-block" role="group" aria-label="{% trans "Timer actions" %}"> <div class="center-block" role="group" aria-label="{% trans "Timer actions" %}">
{% if perms.core.delete_timer %} {% if perms.core.delete_timer %}
<a class="btn btn-danger" <a class="btn btn-lg btn-danger"
href="{% url 'core:timer-delete' timer.id %}" href="{% url 'core:timer-delete' timer.id %}"
role="button"><i class="icon icon-delete" aria-hidden="true"></i></a> role="button"><i class="icon icon-delete" aria-hidden="true"></i></a>
{% endif %} {% endif %}
{% if perms.core.change_timer %} {% if perms.core.change_timer %}
<a class="btn btn-primary" <a class="btn btn-lg btn-primary"
href="{% url 'core:timer-update' timer.id %}" href="{% url 'core:timer-update' timer.id %}"
role="button"><i class="icon icon-update" aria-hidden="true"></i></a> role="button"><i class="icon icon-update" aria-hidden="true"></i></a>
<a class="btn btn-secondary" <form action="{% url 'core:timer-restart' timer.id %}" role="form" method="post" class="d-inline">
href="{% url 'core:timer-restart' timer.id %}" {% csrf_token %}
role="button"><i class="icon icon-refresh" aria-hidden="true"></i></a> <label class="sr-only">{% trans "Restart timer" %}</label>
<button type="submit" class="btn btn-lg btn-secondary"><i class="icon icon-refresh" aria-hidden="true"></i></button>
</form>
{% if object.active %} {% if object.active %}
<a class="btn btn-warning" <form action="{% url 'core:timer-stop' timer.id %}" role="form" method="post" class="d-inline">
href="{% url 'core:timer-stop' timer.id %}" {% csrf_token %}
role="button"><i class="icon icon-stop" aria-hidden="true"></i></a> <label class="sr-only">{% trans "Delete timer" %}</label>
<button type="submit" class="btn btn-lg btn-warning"><i class="icon icon-stop" aria-hidden="true"></i></button>
</form>
{% endif %} {% endif %}
{% endif %} {% endif %}
</div> </div>
</div> </div>
{% endblock %} {% endblock %}

View File

@ -125,9 +125,15 @@ class ViewsTestCase(TestCase):
self.assertEqual(page.status_code, 200) self.assertEqual(page.status_code, 200)
page = self.c.get('/timers/{}/delete/'.format(entry.id)) page = self.c.get('/timers/{}/delete/'.format(entry.id))
self.assertEqual(page.status_code, 200) self.assertEqual(page.status_code, 200)
page = self.c.get('/timers/{}/stop/'.format(entry.id), follow=True)
page = self.c.get('/timers/{}/stop/'.format(entry.id))
self.assertEqual(page.status_code, 405)
page = self.c.post('/timers/{}/stop/'.format(entry.id), follow=True)
self.assertEqual(page.status_code, 200) self.assertEqual(page.status_code, 200)
page = self.c.get('/timers/{}/restart/'.format(entry.id), follow=True)
page = self.c.get('/timers/{}/restart/'.format(entry.id))
self.assertEqual(page.status_code, 405)
page = self.c.post('/timers/{}/restart/'.format(entry.id), follow=True)
self.assertEqual(page.status_code, 200) self.assertEqual(page.status_code, 200)
page = self.c.get('/timers/delete-inactive/', follow=True) page = self.c.get('/timers/delete-inactive/', follow=True)

View File

@ -324,6 +324,7 @@ class TimerAddQuick(PermissionRequired403Mixin, RedirectView):
class TimerRestart(PermissionRequired403Mixin, RedirectView): class TimerRestart(PermissionRequired403Mixin, RedirectView):
http_method_names = ['post']
permission_required = ('core.change_timer',) permission_required = ('core.change_timer',)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
@ -337,6 +338,7 @@ class TimerRestart(PermissionRequired403Mixin, RedirectView):
class TimerStop(PermissionRequired403Mixin, SuccessMessageMixin, RedirectView): class TimerStop(PermissionRequired403Mixin, SuccessMessageMixin, RedirectView):
http_method_names = ['post']
permission_required = ('core.change_timer',) permission_required = ('core.change_timer',)
success_message = _('%(timer)s stopped.') success_message = _('%(timer)s stopped.')