From patchwork Mon Aug 22 03:02:13 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael-Doyle Hudson <michael.hudson@linaro.org>
X-Patchwork-Id: 3587
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id 1617B23FA1
 for <patchwork@peony.canonical.com>;
 Mon, 22 Aug 2011 03:02:18 +0000 (UTC)
Received: from mail-gw0-f52.google.com (mail-gw0-f52.google.com [74.125.83.52])
 by fiordland.canonical.com (Postfix) with ESMTP id D116CA185CF
 for <linaro-patchwork@canonical.com>;
 Mon, 22 Aug 2011 03:02:17 +0000 (UTC)
Received: by gwj15 with SMTP id 15so4013748gwj.11
 for <linaro-patchwork@canonical.com>;
 Sun, 21 Aug 2011 20:02:17 -0700 (PDT)
Received: by 10.150.132.17 with SMTP id f17mr1783562ybd.105.1313982136112;
 Sun, 21 Aug 2011 20:02:16 -0700 (PDT)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.150.157.17 with SMTP id f17cs180618ybe;
 Sun, 21 Aug 2011 20:02:15 -0700 (PDT)
Received: by 10.227.12.18 with SMTP id v18mr1551143wbv.72.1313982133748;
 Sun, 21 Aug 2011 20:02:13 -0700 (PDT)
Received: from indium.canonical.com (indium.canonical.com [91.189.90.7])
 by mx.google.com with ESMTPS id
 fk2si14265403wbb.115.2011.08.21.20.02.13
 (version=TLSv1/SSLv3 cipher=OTHER);
 Sun, 21 Aug 2011 20:02:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 bounces@canonical.com designates 91.189.90.7 as permitted
 sender) client-ip=91.189.90.7; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain
 of bounces@canonical.com designates 91.189.90.7 as permitted
 sender) smtp.mail=bounces@canonical.com
Received: from ackee.canonical.com ([91.189.89.26])
 by indium.canonical.com with esmtp (Exim 4.71 #1 (Debian))
 id 1QvKmD-0008CU-1O
 for <patches@linaro.org>; Mon, 22 Aug 2011 03:02:13 +0000
Received: from ackee.canonical.com (localhost [127.0.0.1])
 by ackee.canonical.com (Postfix) with ESMTP id 018DCE0991
 for <patches@linaro.org>; Mon, 22 Aug 2011 03:02:13 +0000 (UTC)
MIME-Version: 1.0
X-Launchpad-Project: lava-scheduler
X-Launchpad-Branch: ~linaro-validation/lava-scheduler/trunk
X-Launchpad-Message-Rationale: Subscriber
X-Launchpad-Branch-Revision-Number: 68
X-Launchpad-Notification-Type: branch-revision
To: Linaro Patch Tracker <patches@linaro.org>
From: noreply@launchpad.net
Subject: [Branch ~linaro-validation/lava-scheduler/trunk] Rev 68: forbid GETs
 to the job_cancel view
Message-Id: <20110822030213.3663.3081.launchpad@ackee.canonical.com>
Date: Mon, 22 Aug 2011 03:02:13 -0000
Reply-To: noreply@launchpad.net
Sender: bounces@canonical.com
Errors-To: bounces@canonical.com
Precedence: bulk
X-Generated-By: Launchpad (canonical.com); Revision="13697";
 Instance="initZopeless config overlay"
X-Launchpad-Hash: e57ddfb3e9ff951854913e71ca25610138d64399

------------------------------------------------------------
revno: 68
committer: Michael-Doyle Hudson <michael.hudson@linaro.org>
branch nick: trunk
timestamp: Mon 2011-08-22 15:01:17 +1200
message:
  forbid GETs to the job_cancel view
modified:
  lava_scheduler_app/views.py
---
lp:lava-scheduler
https://code.launchpad.net/~linaro-validation/lava-scheduler/trunk

You are subscribed to branch lp:lava-scheduler.
To unsubscribe from this branch go to https://code.launchpad.net/~linaro-validation/lava-scheduler/trunk/+edit-subscription

=== modified file 'lava_scheduler_app/views.py'
--- lava_scheduler_app/views.py	2011-08-19 03:32:49 +0000
+++ lava_scheduler_app/views.py	2011-08-22 03:01:17 +0000
@@ -1,11 +1,24 @@
 import os
 
-from django.http import HttpResponse, HttpResponseForbidden
+from django.http import (
+    HttpResponse,
+    HttpResponseForbidden,
+    HttpResponseNotAllowed,
+    )
 from django.template import RequestContext
 from django.shortcuts import redirect, render_to_response
 
 from lava_scheduler_app.models import Device, TestJob
 
+
+def post_only(func):
+    def decorated(request, *args, **kwargs):
+        if request.method != 'POST':
+            return HttpResponseNotAllowed('Only POST here')
+        return func(request, *args, **kwargs)
+    return decorated
+
+
 def index(request):
     return render_to_response(
         "lava_scheduler_app/index.html",
@@ -72,6 +85,7 @@
     return response
 
 
+@post_only
 def job_cancel(request, pk):
     job = TestJob.objects.get(pk=pk)
     if job.can_cancel(request.user):