Forbid delete method in readonly mode

moira-alert · Nov 15, 2023 · cea15c9 · cea15c9
1 parent 5f43be1
commit cea15c9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/api/middleware/readonly_mode.go b/api/middleware/readonly_mode.go
@@ -22,5 +22,8 @@ func ReadOnlyMiddleware(config *api.Config) func(next http.Handler) http.Handler
 }
 
 func isMutatingMethod(method string) bool {
-	return method == http.MethodPut || method == http.MethodPost || method == http.MethodPatch
+	return method == http.MethodPut ||
+		method == http.MethodPost ||
+		method == http.MethodPatch ||
+		method == http.MethodDelete
 }
diff --git a/api/middleware/readonly_mode_test.go b/api/middleware/readonly_mode_test.go
@@ -46,6 +46,11 @@ func TestReadonlyModeMiddleware(t *testing.T) {
 		Convey("Performing patch request", func() {
 			actual := PerformRequestWithReadonlyModeMiddleware(config, http.MethodPatch)
 
+			So(actual, ShouldEqual, http.StatusForbidden)
+		})
+		Convey("Performing delete request", func() {
+			actual := PerformRequestWithReadonlyModeMiddleware(config, http.MethodDelete)
+
 			So(actual, ShouldEqual, http.StatusForbidden)
 		})
 	})

diff --git a/local/api.yml b/local/api.yml
@@ -50,7 +50,7 @@ web:
     is_plotting_available: true
     is_plotting_default_on: true
     is_subscription_to_all_tags_available: true
-    is_readonly_enabled: false
+    is_readonly_enabled: true
 notification_history:
   ttl: 48h
   query_limit: 10000