diff --git a/pillar/api/eve_settings.py b/pillar/api/eve_settings.py index ba775537..2c5dc52e 100644 --- a/pillar/api/eve_settings.py +++ b/pillar/api/eve_settings.py @@ -828,3 +828,8 @@ X_DOMAINS = '*' X_ALLOW_CREDENTIALS = True X_HEADERS = 'Authorization' RENDERERS = ['eve.render.JSONRenderer'] + +# TODO(Sybren): this is a quick workaround to make /p/{url}/jstree work again. +# Apparently Eve is now stricter in checking against MONGO_QUERY_BLACKLIST, and +# blocks our use of $regex. +MONGO_QUERY_BLACKLIST = ['$where'] diff --git a/tests/test_web/test_jstree.py b/tests/test_web/test_jstree.py index a0a73b96..c0ebb35a 100644 --- a/tests/test_web/test_jstree.py +++ b/tests/test_web/test_jstree.py @@ -99,3 +99,12 @@ class JSTreeTest(AbstractPillarTest): 'children': False, 'custom_view': False, }) + + def test_jstree_canary(self): + """Test that a project's /jstree URL can be called at all. + + This catches a problem we had with MONGO_QUERY_BLACKLIST. + """ + + resp = self.get(f'/p/{self.project["url"]}/jstree') + self.assertEqual(200, resp.status_code)