[fix] Guard admin reverse and template url behind FIRMWARE_UPGRADER_API #444

[BHARATH0153]

Checklist

• I have read the OpenWISP Contributing Guidelines.
• I have manually tested the changes proposed in this pull request.
• I have written new test cases for new code and/or updated existing tests for changes to existing code.
• I have updated the documentation.

Reference to Existing Issue

Closes #444

Changes

Guard the reverse("upgrader:api_upgradeoperation_cancel") call in the admin and the {% url %} tag in the template behind FIRMWARE_UPGRADER_API. When the API is disabled, the URL doesn't exist and these cause NoReverseMatch — now they gracefully return empty string instead of crashing.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR fixes a bug where the admin pages unconditionally reverse the upgrader:api_upgradeoperation_cancel URL, which only exists when FIRMWARE_UPGRADER_API is enabled. The fix adds a conditional check in UpgradeOperationAdmin.change_view to only set the cancel URL when the API is active, and updates the template to safely default to an empty string when the URL is missing, preventing NoReverseMatch errors on the device and upgrade-operation admin pages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

bug, python

Suggested reviewers

• pandafy
• nemesifier

---

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

• Ignore

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Bug Fixes	❌ Error	PR #447 changes only admin.py + device_firmware_inline.html and adds no tests; repo test suite has no coverage for FIRMWARE_UPGRADER_API=False/admin cancel-url; no Selenium test added.	Add a deterministic Django regression test that sets FIRMWARE_UPGRADER_API=False and asserts admin device/upgrade-operation change pages render (cancel URL empty) + fail without the guard; add a selenium UI check if required.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR fully addresses issue #444 by guarding both the admin.py reverse call and template URL tag behind FIRMWARE_UPGRADER_API, preventing NoReverseMatch errors when the API is disabled.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the requirements in issue #444: modifications to admin.py and device_firmware_inline.html templates to conditionally handle the URL reversal.
Title check	✅ Passed	The title follows the required format with [fix] prefix, is directly related to the main change (guarding URLs behind FIRMWARE_UPGRADER_API), and references the linked issue #444.
Description check	✅ Passed	The description addresses the core changes and references issue #444, but the required checklist items are incomplete—none of the checkboxes are marked as completed.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[BHARATH0153]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[BHARATH0153]

@coderabbitai any outstanding issues?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get PR details, review comments, and checks
gh pr view 447 --repo openwisp/openwisp-firmware-upgrader --json title,state,reviews,reviewDecision,statusCheckRollup

echo "=== PR REVIEW COMMENTS ==="
gh api repos/openwisp/openwisp-firmware-upgrader/pulls/447/comments --jq '.[] | {user: .user.login, body: .body, path: .path, line: .line, resolved: .pull_request_review_id}'

echo "=== PR ISSUE COMMENTS ==="
gh api repos/openwisp/openwisp-firmware-upgrader/issues/447/comments --jq '.[] | {user: .user.login, body: .body[0:300]}'

echo "=== PR FILES ==="
gh api repos/openwisp/openwisp-firmware-upgrader/pulls/447/files --jq '.[] | {filename: .filename, additions: .additions, deletions: .deletions}'

Length of output: 7009

---

🏁 Script executed:

#!/bin/bash
# Look at the actual diff to check for issues
gh api repos/openwisp/openwisp-firmware-upgrader/pulls/447 --jq '.body'

Length of output: 892

---

🏁 Script executed:

#!/bin/bash
# Get the changed files content
echo "=== admin.py patch ==="
gh api repos/openwisp/openwisp-firmware-upgrader/pulls/447/files --jq '.[] | select(.filename | contains("admin")) | .patch'

echo "=== template patch ==="
gh api repos/openwisp/openwisp-firmware-upgrader/pulls/447/files --jq '.[] | select(.filename | contains("template") or contains("html")) | .patch'

Length of output: 2364

---

---

@BHARATH0153 Here's a summary of outstanding issues I see with this PR:

---

✅ Good news

All CI checks pass across all Python/Django matrix combinations, and there are no unresolved review comments.

---

⚠️ Outstanding issues

1. No automated tests (checklist item unchecked — most important)
   There are no new test cases verifying the fix. A test that sets OPENWISP_FIRMWARE_UPGRADER_API = False and asserts that:

   • The UpgradeOperationAdmin change view renders without NoReverseMatch
   • The DeviceFirmwareInline page renders without error
     …would be essential before this can be merged.

2. Frontend JS is not guarded
   When the API is disabled, owUpgradeOperationCancelUrl is set to "". If the JavaScript that drives the cancel-upgrade UI unconditionally wires event handlers to that URL, clicking cancel could trigger a request to an empty URL (""). Ideally the cancel button/functionality should be hidden or disabled when the URL is an empty string.

3. Inconsistent suppression strategies (minor)
   admin.py uses an explicit Python-level if/else, while device_firmware_inline.html uses Django's {% url ... as var %}{{ var|default:'' }} silent suppression. The template approach would also silently swallow a genuine typo in the URL name — this is low-risk but worth being aware of.

4. Docs/manual testing (checklist items unchecked)
   These may or may not need updates depending on the project's conventions, but they're flagged as incomplete.

The most blocking item before merge is adding tests for the OPENWISP_FIRMWARE_UPGRADER_API = False path.