77c3932f8751 — sarahboyce@localhost.localdomain 1 year, 9 months ago 
Allow OPTIONS requests when READ_ONLY is True - Refs #69
patch browse 
4 files changed, 15 insertions(+), 7 deletions(-)

M README.rst
M impersonate/admin.py
M impersonate/middleware.py
M impersonate/tests.py

M README.rst +3 -3
@@ 272,9 272,9 @@ present. Value should be a string contai
    READ_ONLY
 
 A boolean that if set to ``True`` any requests that are not either
-``GET`` or ``HEAD`` will result in a "Bad Request" response (status code
-405). Use this if you want to limit your impersonating users to read
-only impersonation sessions.
+``GET`` or ``HEAD`` or ``OPTIONS`` will result in a "Bad Request"
+response (status code 405). Use this if you want to limit your
+impersonating users to read only impersonation sessions.
 
 Value should be a boolean, defaults to ``False``
 

          
M impersonate/admin.py +1 -1
@@ 176,7 176,7 @@ class ImpersonationLogAdmin(admin.ModelA
     # `return False` hides impersonates module in admin page
     def has_change_permission(self, request, obj=None):
         if settings.ADMIN_READ_ONLY:
-            return request.method in ['GET', 'HEAD']
+            return request.method in ['GET', 'HEAD', 'OPTIONS']
         return True
 
 

          
M impersonate/middleware.py +2 -2
@@ 50,8 50,8 @@ class ImpersonateMiddleware(MiddlewareMi
             except User.DoesNotExist:
                 return
 
-            if settings.READ_ONLY and request.method not in ['GET', 'HEAD']:
-                return HttpResponseNotAllowed(['GET', 'HEAD'])
+            if settings.READ_ONLY and request.method not in ['GET', 'HEAD', 'OPTIONS']:
+                return HttpResponseNotAllowed(['GET', 'HEAD', 'OPTIONS'])
 
             if check_allow_for_user(request, new_user) and check_allow_for_uri(
                 request.path

          
M impersonate/tests.py +9 -1
@@ 828,6 828,8 @@ class TestImpersonation(TestCase):
         self.assertTrue(model_admin.has_change_permission(request))
         request.method = 'HEAD'
         self.assertTrue(model_admin.has_change_permission(request))
+        request.method = 'OPTIONS'
+        self.assertTrue(model_admin.has_change_permission(request))
         request.method = 'POST'
         self.assertFalse(model_admin.has_change_permission(request))
 

          
@@ 842,5 844,11 @@ class TestImpersonation(TestCase):
     @override_settings(IMPERSONATE={'READ_ONLY': True})
     def test_impersonate_read_only(self):
         self._impersonate_helper('user1', 'foobar', 4)
-        resp = self.client.post('/not/real/url/')
+        resp = self.client.post(reverse('impersonate-test'))
         self.assertEqual(resp.status_code, 405)
+        resp = self.client.get(reverse('impersonate-test'))
+        self.assertEqual(resp.status_code, 200)
+        resp = self.client.head(reverse('impersonate-test'))
+        self.assertEqual(resp.status_code, 200)
+        resp = self.client.options(reverse('impersonate-test'))
+        self.assertEqual(resp.status_code, 200)