jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Always remove ?edit from URL, so users do not share it by mistake

Browse source
This commit is contained in:
Yohan Boniface 2023-09-27 07:13:30 +02:00
parent ff89125c80
commit 013d2fd5ee
2 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
umap/static/umap/js/umap.js
View file

@ -265,9 +265,11 @@ L.U.Map.include({
if (slug && this.features_index[slug]) this.features_index[slug].view() if (slug && this.features_index[slug]) this.features_index[slug].view()
if (L.Util.queryString('edit')) { if (L.Util.queryString('edit')) {
if (this.hasEditMode()) this.enableEdit() if (this.hasEditMode()) this.enableEdit()
// Sometimes users share the ?edit link by mistake, let's redirect // Sometimes users share the ?edit link by mistake, let's remove
// to canonical in this case // this search parameter from URL to prevent this
else window.location = window.location.pathname const url = new URL(window.location)
url.searchParams.delete('edit')
history.pushState({}, '', url)
} }
if (L.Util.queryString('download')) this.download() if (L.Util.queryString('download')) this.download()
}) })

2
umap/tests/integration/test_owned_map.py
View file

@ -94,6 +94,8 @@ def test_owner_permissions_form(map, datalayer, live_server, login):
".datalayer-permissions select[name='edit_status'] option:checked" ".datalayer-permissions select[name='edit_status'] option:checked"
) )
expect(option).to_have_text("Inherit") expect(option).to_have_text("Inherit")
# Should have been removed since page load
assert "edit" not in page.url
def test_map_update_with_editor(map, live_server, login, user): def test_map_update_with_editor(map, live_server, login, user):