Prevent PUT requests to list resources.

Review Request #13284 — Created Sept. 22, 2023 and submitted

Information

Djblets
release-4.x

Reviewers

We've had a long-standing bug in the API where making a PUT request to a
list resource would generally cause a crash (depending on the particular
implementation of the resource's update method, most of which end up
trying to call get_object without the necessary object key in the
kwargs).

This change makes it so that attempting to PUT to a list resource will
fail with an HTTP 405. We had a similar implementation for POST to item
resources, so this implementation is based on that.

  • Did a PUT to a list resource and saw that I got back an HTTP 405
    (method not allowed) instead of a 500 and HTML error content.
  • Ran unit tests.
  • Updated Review Board unit tests to test this functionality for all
    list resources.
Summary ID
Prevent PUT requests to list resources.
We've had a long-standing bug in the API where making a PUT request to a list resource would generally cause a crash (depending on the particular implementation of the resource's `update` method, most of which end up trying to call `get_object` without the necessary object key in the kwargs). This change makes it so that attempting to PUT to a list resource will fail with an HTTP 405. We had a similar implementation for POST to item resources, so this implementation is based on that. Testing Done: - Did a PUT to a list resource and saw that I got back an HTTP 405 (method not allowed) instead of a 500 and HTML error content. - Ran unit tests. - Updated Review Board unit tests to test this functionality for all list resources.
763b2063e8b6a7754e0f5ada1f8841e4ff5d7b70
Description From Last Updated

Can you update Djblets unit tests for these conditions?

chipx86chipx86

local variable 'response' is assigned to but never used Column: 9 Error code: F841

reviewbotreviewbot

statement ends with a semicolon Column: 51 Error code: E703

reviewbotreviewbot

local variable 'response' is assigned to but never used Column: 9 Error code: F841

reviewbotreviewbot

local variable 'response' is assigned to but never used Column: 9 Error code: F841

reviewbotreviewbot
chipx86
  1. 
      
  2. Show all issues

    Can you update Djblets unit tests for these conditions?

    1. I don't really see anywhere appropriate in the djblets test suite for this. It's covered (quite) thoroughly by the Review Board tests, but we don't seem to actually have any infrastructure in djblets for this right now.

    2. We don't have much test infrastructure, but we can construct a subclass and call e.g. .put() on it, see the result.

  3. 
      
david
david
Review request changed
Change Summary:

Add more tests.

Commits:
Summary ID
Prevent PUT requests to list resources.
We've had a long-standing bug in the API where making a PUT request to a list resource would generally cause a crash (depending on the particular implementation of the resource's `update` method, most of which end up trying to call `get_object` without the necessary object key in the kwargs). This change makes it so that attempting to PUT to a list resource will fail with an HTTP 405. We had a similar implementation for POST to item resources, so this implementation is based on that. Testing Done: - Did a PUT to a list resource and saw that I got back an HTTP 405 (method not allowed) instead of a 500 and HTML error content. - Ran unit tests. - Updated Review Board unit tests to test this functionality for all list resources.
09a5ffa13718d882590a2a5d49134cb90fb06b1e
Prevent PUT requests to list resources.
We've had a long-standing bug in the API where making a PUT request to a list resource would generally cause a crash (depending on the particular implementation of the resource's `update` method, most of which end up trying to call `get_object` without the necessary object key in the kwargs). This change makes it so that attempting to PUT to a list resource will fail with an HTTP 405. We had a similar implementation for POST to item resources, so this implementation is based on that. Testing Done: - Did a PUT to a list resource and saw that I got back an HTTP 405 (method not allowed) instead of a 500 and HTML error content. - Ran unit tests. - Updated Review Board unit tests to test this functionality for all list resources.
a8dfc1014521f4f578057a146bf8de70326cdd82

Checks run (1 failed, 1 succeeded)

flake8 failed.
JSHint passed.

flake8

david
maubin
  1. Ship It!
  2. 
      
chipx86
  1. Ship It!
  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-4.x (9d5cbeb)