Merge pull request #320 from intuitem/hotfix/error-400-on-backup-export

Fix error 400 when exporting backup

backend/serdes/urls.py

@@ -3,7 +3,7 @@
 from . import views
 
 urlpatterns = [
-    path("dump-db/", views.dump_db_view, name="dump-db"),
+    path("dump-db/", views.ExportBackupView.as_view(), name="dump-db"),
     path(
         "load-backup/",
         views.LoadBackupView.as_view(),

backend/serdes/views.py

@@ -1,55 +1,50 @@
+import io
 import json
-from django.http import HttpResponse
-from django.core import management
-from django.core.management.commands import loaddata, dumpdata
-from django.contrib.auth.decorators import user_passes_test
+import sys
 from datetime import datetime
+
+from ciso_assistant.settings import VERSION
+from django.core import management
+from django.core.management.commands import dumpdata, loaddata
+from django.http import HttpResponse
 from rest_framework import status
 from rest_framework.parsers import JSONParser
 from rest_framework.response import Response
-
 from rest_framework.views import APIView
 
-from ciso_assistant.settings import VERSION
-
-import sys
-import io
-
 from serdes.serializers import LoadBackupSerializer
 
 
-def is_admin_check(user):
-    return user.has_backup_permission
-
-
-@user_passes_test(is_admin_check)
-def dump_db_view(request):
-    response = HttpResponse(content_type="application/json")
-    timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
-    response["Content-Disposition"] = (
-        f'attachment; filename="ciso-assistant-db-{timestamp}.json"'
-    )
-
-    response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n')
-    # Here we dump th data to stdout
-    # NOTE: We will not be able to dump selected folders with this method.
-    management.call_command(
-        dumpdata.Command(),
-        exclude=["contenttypes", "auth.permission", "sessions.session"],
-        indent=4,
-        stdout=response,
-        natural_foreign=True,
-    )
-    response.write("]")
-    return response
+class ExportBackupView(APIView):
+    def get(self, request, *args, **kwargs):
+        if not request.user.has_backup_permission:
+            return Response(status=status.HTTP_403_FORBIDDEN)
+        response = HttpResponse(content_type="application/json")
+        timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
+        response["Content-Disposition"] = (
+            f'attachment; filename="ciso-assistant-db-{timestamp}.json"'
+        )
+
+        response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n')
+        # Here we dump th data to stdout
+        # NOTE: We will not be able to dump selected folders with this method.
+        management.call_command(
+            dumpdata.Command(),
+            exclude=["contenttypes", "auth.permission", "sessions.session"],
+            indent=4,
+            stdout=response,
+            natural_foreign=True,
+        )
+        response.write("]")
+        return response
 
 
 class LoadBackupView(APIView):
     parser_classes = (JSONParser,)
     serializer_class = LoadBackupSerializer
 
     def post(self, request, *args, **kwargs):
-        if not is_admin_check(request.user):
+        if not request.user.has_backup_permission:
             return Response(status=status.HTTP_403_FORBIDDEN)
         if request.data:
             sys.stdin = io.StringIO(json.dumps(request.data[1]))