def test_require_safe_accepts_only_safe_methods(self): """ Test for the require_safe decorator. A view returns either a response or an exception. Refs #15637. """ def my_view(request): return HttpResponse("OK") my_safe_view = require_safe(my_view) request = HttpRequest() request.method = 'GET' self.assertIsInstance(my_safe_view(request), HttpResponse) request.method = 'HEAD' self.assertIsInstance(my_safe_view(request), HttpResponse) request.method = 'POST' self.assertIsInstance(my_safe_view(request), HttpResponseNotAllowed) request.method = 'PUT' self.assertIsInstance(my_safe_view(request), HttpResponseNotAllowed) request.method = 'DELETE' self.assertIsInstance(my_safe_view(request), HttpResponseNotAllowed)
def test_require_safe_accepts_only_safe_methods(self): """ Test for the require_safe decorator. A view returns either a response or an exception. Refs #15637. """ def my_view(request): return HttpResponse("OK") my_safe_view = require_safe(my_view) request = HttpRequest() request.method = "GET" self.assertTrue(isinstance(my_safe_view(request), HttpResponse)) request.method = "HEAD" self.assertTrue(isinstance(my_safe_view(request), HttpResponse)) request.method = "POST" self.assertTrue(isinstance(my_safe_view(request), HttpResponseNotAllowed)) request.method = "PUT" self.assertTrue(isinstance(my_safe_view(request), HttpResponseNotAllowed)) request.method = "DELETE" self.assertTrue(isinstance(my_safe_view(request), HttpResponseNotAllowed))
from django.utils.unittest import TestCase from django.views.decorators.http import require_http_methods, require_GET, require_POST, require_safe from django.views.decorators.vary import vary_on_headers, vary_on_cookie from django.views.decorators.cache import cache_page, never_cache, cache_control def fully_decorated(request): """Expected __doc__""" return HttpResponse('<html><body>dummy</body></html>') fully_decorated.anything = "Expected __dict__" # django.views.decorators.http fully_decorated = require_http_methods(["GET"])(fully_decorated) fully_decorated = require_GET(fully_decorated) fully_decorated = require_POST(fully_decorated) fully_decorated = require_safe(fully_decorated) # django.views.decorators.vary fully_decorated = vary_on_headers('Accept-language')(fully_decorated) fully_decorated = vary_on_cookie(fully_decorated) # django.views.decorators.cache fully_decorated = cache_page(60*15)(fully_decorated) fully_decorated = cache_control(private=True)(fully_decorated) fully_decorated = never_cache(fully_decorated) # django.contrib.auth.decorators # Apply user_passes_test twice to check #9474 fully_decorated = user_passes_test(lambda u:True)(fully_decorated) fully_decorated = login_required(fully_decorated) fully_decorated = permission_required('change_world')(fully_decorated)
Including another URLconf 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ # from django.contrib import admin from django.urls import path, include from django.views.decorators.http import require_safe, require_http_methods, require_POST from link_save import views v1_api_app = views.make_default_app() urlpatterns = [ path( 'api/v1/', include([ path('tokens/', require_safe(v1_api_app.get_tokens)), path('tokens/new/', require_POST(v1_api_app.create_admin_token)), path('users/', require_safe(v1_api_app.get_users)), path( 'users/<int:id>/', require_http_methods(["GET", "HEAD", "DELETE", "PATCH"])(v1_api_app.get_users)), path('users/new/', require_POST(v1_api_app.create_user)), path('users/<int:id>/delete/', require_POST(v1_api_app.delete_user)), path('users/<int:id>/update/', require_POST(v1_api_app.update_user)), path('users/<int:id>/tokens/new/', require_POST(v1_api_app.create_user_token)) ])) ]
from django.views.decorators.vary import vary_on_headers, vary_on_cookie from django.views.decorators.cache import cache_page, never_cache, cache_control def fully_decorated(request): """Expected __doc__""" return HttpResponse('<html><body>dummy</body></html>') fully_decorated.anything = "Expected __dict__" # django.views.decorators.http fully_decorated = require_http_methods(["GET"])(fully_decorated) fully_decorated = require_GET(fully_decorated) fully_decorated = require_POST(fully_decorated) fully_decorated = require_safe(fully_decorated) # django.views.decorators.vary fully_decorated = vary_on_headers('Accept-language')(fully_decorated) fully_decorated = vary_on_cookie(fully_decorated) # django.views.decorators.cache fully_decorated = cache_page(60 * 15)(fully_decorated) fully_decorated = cache_control(private=True)(fully_decorated) fully_decorated = never_cache(fully_decorated) # django.contrib.auth.decorators # Apply user_passes_test twice to check #9474 fully_decorated = user_passes_test(lambda u: True)(fully_decorated) fully_decorated = login_required(fully_decorated) fully_decorated = permission_required('change_world')(fully_decorated)