mirror of
https://github.com/inventree/InvenTree.git
synced 2026-07-05 06:32:55 +00:00
[API] Adjust permissions for machine restart (#12197)
* [API] Adjust permissions for machine restart Can only be actioned by a staff user * Fix import * Wrong class * Extend unit test * Bump API version * Update CHANGELOG
This commit is contained in:
@@ -1,11 +1,14 @@
|
||||
"""InvenTree API version information."""
|
||||
|
||||
# InvenTree API version
|
||||
INVENTREE_API_VERSION = 509
|
||||
INVENTREE_API_VERSION = 510
|
||||
"""Increment this API version number whenever there is a significant change to the API that any clients need to know about."""
|
||||
|
||||
INVENTREE_API_TEXT = """
|
||||
|
||||
v510 -> 2026-06-18 : https://github.com/inventree/InvenTree/pull/12197
|
||||
- Require "staff" access permissions for the machine restart API endpoint
|
||||
|
||||
v509 -> 2026-06-17 : https://github.com/inventree/InvenTree/pull/12184
|
||||
- Adds "completed_row_count_history" and "row_count_history" fields to the DataImportSession model, which store the historic count of completed rows and total rows for a data import session.
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
from django.urls import include, path, re_path
|
||||
|
||||
from drf_spectacular.utils import extend_schema
|
||||
from rest_framework import permissions
|
||||
from rest_framework.exceptions import NotFound
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
@@ -142,7 +143,10 @@ class MachineRestart(APIView):
|
||||
- POST: restart machine by pk
|
||||
"""
|
||||
|
||||
permission_classes = [InvenTree.permissions.IsAuthenticatedOrReadScope]
|
||||
permission_classes = [
|
||||
permissions.IsAuthenticated,
|
||||
InvenTree.permissions.IsStaffOrReadOnlyScope,
|
||||
]
|
||||
|
||||
@extend_schema(
|
||||
request=None, responses={200: MachineSerializers.MachineRestartSerializer()}
|
||||
|
||||
@@ -287,14 +287,23 @@ class MachineAPITest(TestMachineRegistryMixin, InvenTreeAPITestCase):
|
||||
active=True,
|
||||
)
|
||||
|
||||
restart_url = reverse('api-machine-restart', kwargs={'pk': machine.pk})
|
||||
|
||||
# Non-staff users must not be able to restart a machine
|
||||
self.user.is_staff = False
|
||||
self.user.save()
|
||||
self.post(restart_url, expected_code=403)
|
||||
|
||||
# Restore staff access
|
||||
self.user.is_staff = True
|
||||
self.user.save()
|
||||
|
||||
# verify machine status before restart
|
||||
response = self.get(reverse('api-machine-detail', kwargs={'pk': machine.pk}))
|
||||
self.assertEqual(response.data['status_text'], '')
|
||||
|
||||
# restart the machine
|
||||
response = self.post(
|
||||
reverse('api-machine-restart', kwargs={'pk': machine.pk}), expected_code=200
|
||||
)
|
||||
self.post(restart_url, expected_code=200)
|
||||
|
||||
# verify machine status after restart
|
||||
response = self.get(reverse('api-machine-detail', kwargs={'pk': machine.pk}))
|
||||
|
||||
Reference in New Issue
Block a user