diff --git a/opentreemap/api/plots.py b/opentreemap/api/plots.py index b32c2768a..e991bb2c3 100644 --- a/opentreemap/api/plots.py +++ b/opentreemap/api/plots.py @@ -83,10 +83,14 @@ def update_or_create_plot(request, instance, plot_id=None): for key, val in request_dict[model].iteritems(): data["%s.%s" % (model, key)] = val - # We explicitly disallow setting a plot's tree id + # We explicitly disallow setting a plot's tree id. + # We ignore plot's updated at and by because + # auditing sets them automatically. keys = ["tree.plot", "tree.udfs", "tree.instance", + "plot.updated_at", + "plot.updated_by", "plot.instance", "plot.udfs"] diff --git a/opentreemap/api/tests.py b/opentreemap/api/tests.py index 9c53fdfe7..49f8ce535 100644 --- a/opentreemap/api/tests.py +++ b/opentreemap/api/tests.py @@ -596,11 +596,13 @@ def test_update_plot(self): reputation_count = self.user.get_reputation(self.instance) + # Include `updated_by` because the app does send it, + # and the endpoint must ignore it. updated_values = {'plot': - {'geom': - {'y': 0.001, 'x': 0.001, 'srid': 4326}, + {'geom': {'y': 0.001, 'x': 0.001, 'srid': 4326}, 'width': 11, - 'length': 22}} + 'length': 22, + 'updated_by': self.user.pk}} response = put_json("%s/instance/%s/plots/%d" % (API_PFX, self.instance.url_name, test_plot.pk), @@ -725,7 +727,10 @@ def test_update_tree(self): test_tree.diameter = 2.3 test_tree.save_with_user(self.user) - updated_values = {'tree': {'diameter': 3.9}} + # Include `updated_by` because the app does send it, + # and the endpoint must ignore it. + updated_values = {'tree': {'diameter': 3.9}, + 'plot': {'updated_by': self.user.pk}} response = put_json("%s/instance/%s/plots/%d" % (API_PFX, self.instance.url_name, test_plot.id), updated_values, self.client, self.user)