diff --git a/lib/flipper/ui/actions/import.rb b/lib/flipper/ui/actions/import.rb index 4b82f710..bbc94cc1 100644 --- a/lib/flipper/ui/actions/import.rb +++ b/lib/flipper/ui/actions/import.rb @@ -8,6 +8,7 @@ class Import < UI::Action route %r{\A/settings\/import/?\Z} def post + render_read_only if read_only? contents = params['file'][:tempfile].read export = Flipper::Exporters::Json::Export.new(contents: contents) flipper.import(export) diff --git a/lib/flipper/ui/views/settings.erb b/lib/flipper/ui/views/settings.erb index b9ce768e..066acf5d 100644 --- a/lib/flipper/ui/views/settings.erb +++ b/lib/flipper/ui/views/settings.erb @@ -38,6 +38,7 @@ +<% if write_allowed? %>

Import

@@ -51,3 +52,4 @@
+<% end %> diff --git a/spec/flipper/ui/actions/import_spec.rb b/spec/flipper/ui/actions/import_spec.rb index 484ef027..4d7ed770 100644 --- a/spec/flipper/ui/actions/import_spec.rb +++ b/spec/flipper/ui/actions/import_spec.rb @@ -11,11 +11,12 @@ { :csrf => token, 'csrf' => token, '_csrf_token' => token } end + let(:path) { FlipperRoot.join("spec", "fixtures", "flipper_pstore_1679087600.json") } + describe "POST /settings/import" do before do flipper.enable :plausible flipper.disable :google_analytics - path = FlipperRoot.join("spec", "fixtures", "flipper_pstore_1679087600.json") post '/settings/import', { @@ -37,5 +38,26 @@ expect(last_response.status).to be(302) expect(last_response.headers['location']).to eq('/features') end + + context "when in read only mode" do + before do + allow(flipper).to receive(:read_only?) { true } + + post '/settings/import', + { + 'authenticity_token' => token, + 'file' => Rack::Test::UploadedFile.new(path, "application/json"), + }, + 'rack.session' => session + end + + it 'returns 403' do + expect(last_response.status).to be(403) + end + + it 'renders read only template' do + expect(last_response.body).to include('read only') + end + end end end