def test_blogpost_delete_by_non_owner(self):
"""Test blogpost delete by non owner of the app is forbidden"""
user = self.create_users()[1]
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app)
url = "/app/%s/%s/delete" % (app.short_name, blogpost.id)
self.register()
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 403, res.status_code
blogpost = db.session.query(Blogpost).first()
assert blogpost is not None
def test_blogpost_delete_by_anonymous(self):
"""Test blogpost delete, anonymous users are redirected to signin"""
user = self.create_users()[1]
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app)
url = "/app/%s/%s/delete" % (app.short_name, blogpost.id)
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert "Please sign in to access this page" in res.data
blogpost = db.session.query(Blogpost).first()
assert blogpost is not None
def test_blogpost_delete_by_owner(self, mock_redirect):
"""Test blogposts, app owners can delete"""
self.register()
user = db.session.query(User).get(1)
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app)
url = "/app/%s/%s/delete" % (app.short_name, blogpost.id)
redirect_url = '/app/%s/blog' % app.short_name
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
mock_redirect.assert_called_with(redirect_url)
blogpost = db.session.query(Blogpost).first()
assert blogpost is None, blogpost
def test_blogpost_update_by_non_owner(self):
"""Test blogpost update by non owner of the app is forbidden"""
user = self.create_users()[1]
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app, title='title')
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
self.register()
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 403, res.status_code
res = self.app.post(url,
data={
'title': 'new title',
'body': 'body'
},
follow_redirects=True)
assert res.status_code == 403, res.status_code
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'title', blogpost.title
def test_blogpost_update_by_anonymous(self):
"""Test blogpost update, anonymous users are redirected to signin"""
user = self.create_users()[1]
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app, title='title')
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert "Please sign in to access this page" in res.data, res.data
res = self.app.post(url,
data={
'id': blogpost.id,
'title': 'new title',
'body': 'new body'
},
follow_redirects=True)
assert res.status_code == 200, res.status_code
assert "Please sign in to access this page" in res.data
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'title', blogpost.title
def test_blogpost_update_by_owner(self, mock_redirect):
"""Test blogposts, app owners can update"""
self.register()
user = db.session.query(User).get(1)
app = AppFactory.create(owner=user)
blogpost = BlogpostFactory(owner=user, app=app)
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
res = self.app.post(url,
data={
'id': blogpost.id,
'title': 'blogpost title',
'body': 'new body'
},
follow_redirects=True)
assert res.status_code == 200, res.status_code
mock_redirect.assert_called_with('/app/%s/blog' % app.short_name)
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'blogpost title', blogpost.title
assert blogpost.body == 'new body', blogpost.body
