def test_has_perm_per_object(self):
"""Assert has_perm checks per-object permissions correctly."""
from kitsune.forums.tests import restricted_forum
f1 = restricted_forum()
f2 = restricted_forum()
# Give user permission to one of the forums
u = user(save=True)
perm = 'forums_forum.view_in_forum'
ct = ContentType.objects.get_for_model(f1)
permission(codename=perm, content_type=ct,
object_id=f1.id, user=u, save=True)
assert access.has_perm(u, perm, f1)
assert not access.has_perm(u, perm, f2)
def test_read_without_permission(self):
"""Listing posts without the view_in_forum permission should 404."""
rforum = restricted_forum()
t = thread(forum=rforum, save=True)
response = get(self.client, 'forums.posts', args=[t.forum.slug, t.id])
eq_(404, response.status_code)
def test_admin_perm_thread(self):
"""Super user can do anything on any forum."""
from kitsune.forums.tests import restricted_forum
f1 = restricted_forum()
f2 = restricted_forum()
admin = user(is_staff=True, is_superuser=True, save=True)
# Loop over all forums perms and both forums
perms = ('thread_edit_forum', 'thread_delete_forum', 'post_edit_forum',
'thread_sticky_forum', 'thread_locked_forum',
'post_delete_forum', 'view_in_forum')
for perm in perms:
for forum in [f1, f2]:
assert access.has_perm(admin, 'forums_forum.' + perm, forum)
def test_read_without_permission(self):
"""Listing threads without the view_in_forum permission should 404.
"""
rforum = restricted_forum()
response = get(self.client, 'forums.threads', args=[rforum.slug])
eq_(404, response.status_code)
def test_read_without_permission(self):
"""Listing posts without the view_in_forum permission should 404."""
rforum = restricted_forum()
t = thread(forum=rforum, save=True)
response = get(self.client, 'forums.posts', args=[t.forum.slug, t.id])
eq_(404, response.status_code)
def test_admin_perm_thread(self):
"""Super user can do anything on any forum."""
from kitsune.forums.tests import restricted_forum
f1 = restricted_forum()
f2 = restricted_forum()
admin = user(is_staff=True, is_superuser=True, save=True)
# Loop over all forums perms and both forums
perms = ('thread_edit_forum', 'thread_delete_forum', 'post_edit_forum',
'thread_sticky_forum', 'thread_locked_forum',
'post_delete_forum', 'view_in_forum')
for perm in perms:
for forum in [f1, f2]:
assert access.has_perm(admin, 'forums_forum.' + perm, forum)
def test_forums_search_authorized_forums(self):
"""Only authorized people can search certain forums"""
# Create two threads: one in a restricted forum and one not.
forum1 = forum(name=u'ou812forum', save=True)
thread1 = thread(forum=forum1, save=True)
post(thread=thread1, content=u'audio', save=True)
forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
thread2 = thread(forum=forum2, save=True)
post(thread=thread2, content=u'audio restricted', save=True)
self.refresh()
# Do a search as an anonymous user but don't specify the
# forums to filter on. Should only see one of the posts.
response = self.client.get(reverse('search'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 1)
# Do a search as an authorized user but don't specify the
# forums to filter on. Should see both posts.
u = user(save=True)
g = group(save=True)
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
permission(codename='forums_forum.view_in_forum', content_type=ct,
object_id=forum2.id, group=g, save=True)
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
# Sees both results
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 2)
def test_forums_search_authorized_forums(self):
"""Only authorized people can search certain forums"""
# Create two threads: one in a restricted forum and one not.
forum1 = forum(name=u'ou812forum', save=True)
thread1 = thread(forum=forum1, save=True)
post(thread=thread1, content=u'audio', save=True)
forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
thread2 = thread(forum=forum2, save=True)
post(thread=thread2, content=u'audio restricted', save=True)
self.refresh()
# Do a search as an anonymous user but don't specify the
# forums to filter on. Should only see one of the posts.
response = self.client.get(reverse('search'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 1)
# Do a search as an authorized user but don't specify the
# forums to filter on. Should see both posts.
u = user(save=True)
g = group(save=True)
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
permission(codename='forums_forum.view_in_forum', content_type=ct,
object_id=forum2.id, group=g, save=True)
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
# Sees both results
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 2)
def test_read_without_permission(self):
"""Listing threads without the view_in_forum permission should 404.
"""
rforum = restricted_forum()
response = get(self.client, 'forums.threads',
args=[rforum.slug])
eq_(404, response.status_code)
def test_has_perm_per_object(self):
"""Assert has_perm checks per-object permissions correctly."""
from kitsune.forums.tests import restricted_forum
f1 = restricted_forum()
f2 = restricted_forum()
# Give user permission to one of the forums
u = user(save=True)
perm = 'forums_forum.view_in_forum'
ct = ContentType.objects.get_for_model(f1)
permission(codename=perm,
content_type=ct,
object_id=f1.id,
user=u,
save=True)
assert access.has_perm(u, perm, f1)
assert not access.has_perm(u, perm, f2)
def test_reply_without_view_permission(self):
"""Posting without view_in_forum permission should 404."""
rforum = restricted_forum()
t = thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
response = post(self.client, 'forums.reply', {'content': 'Blahs'},
args=[t.forum.slug, t.id])
eq_(404, response.status_code)
def test_reply_without_view_permission(self):
"""Posting without view_in_forum permission should 404."""
rforum = restricted_forum()
t = thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
response = post(self.client,
'forums.reply', {'content': 'Blahs'},
args=[t.forum.slug, t.id])
eq_(404, response.status_code)
def test_watch_forum_without_permission(self):
"""Watching forums without the view_in_forum permission should 404.
"""
rforum = restricted_forum()
u = user(save=True)
self.client.login(username=u.username, password='******')
response = self.client.post(reverse('forums.watch_forum',
args=[rforum.slug]),
{'watch': 'yes'}, follow=False)
eq_(404, response.status_code)
def test_new_thread_without_view_permission(self):
"""Making a new thread without view permission should 404."""
rforum = restricted_forum()
thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
response = post(self.client, 'forums.new_thread',
{'title': 'Blahs', 'content': 'Blahs'},
args=[rforum.slug])
eq_(404, response.status_code)
def test_reply_without_post_permission(self):
"""Posting without post_in_forum permission should 403."""
rforum = restricted_forum(permission_code='forums_forum.post_in_forum')
t = thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
response = post(self.client,
'forums.reply', {'content': 'Blahs'},
args=[t.forum.slug, t.id])
eq_(403, response.status_code)
def test_perm_is_defined_on(self):
"""Test permission relationship
Test whether we check for permission relationship, independent
of whether the permission is actually assigned to anyone.
"""
from kitsune.forums.tests import forum, restricted_forum
f1 = restricted_forum()
f2 = forum(save=True)
perm = 'forums_forum.view_in_forum'
assert access.perm_is_defined_on(perm, f1)
assert not access.perm_is_defined_on(perm, f2)
def test_watch_forum_without_permission(self):
"""Watching forums without the view_in_forum permission should 404.
"""
rforum = restricted_forum()
u = user(save=True)
self.client.login(username=u.username, password='******')
response = self.client.post(reverse('forums.watch_forum',
args=[rforum.slug]),
{'watch': 'yes'},
follow=False)
eq_(404, response.status_code)
def test_perm_is_defined_on(self):
"""Test permission relationship
Test whether we check for permission relationship, independent
of whether the permission is actually assigned to anyone.
"""
from kitsune.forums.tests import forum, restricted_forum
f1 = restricted_forum()
f2 = forum(save=True)
perm = 'forums_forum.view_in_forum'
assert access.perm_is_defined_on(perm, f1)
assert not access.perm_is_defined_on(perm, f2)
def test_new_thread_without_post_permission(self):
"""Making a new thread without post permission should 403."""
rforum = restricted_forum(
permission_code='forums_forum.post_in_forum')
u = user(save=True)
self.client.login(username=u.username, password='******')
with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
response = post(self.client, 'forums.new_thread',
{'title': 'Blahs', 'content': 'Blahs'},
args=[rforum.slug])
eq_(403, response.status_code)
def test_reply_without_post_permission(self):
"""Posting without post_in_forum permission should 403."""
rforum = restricted_forum(
permission_code='forums_forum.post_in_forum')
t = thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
response = post(self.client, 'forums.reply', {'content': 'Blahs'},
args=[t.forum.slug, t.id])
eq_(403, response.status_code)
def test_new_thread_without_post_permission(self):
"""Making a new thread without post permission should 403."""
rforum = restricted_forum(permission_code='forums_forum.post_in_forum')
u = user(save=True)
self.client.login(username=u.username, password='******')
with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
response = post(self.client,
'forums.new_thread', {
'title': 'Blahs',
'content': 'Blahs'
},
args=[rforum.slug])
eq_(403, response.status_code)
def test_new_thread_without_view_permission(self):
"""Making a new thread without view permission should 404."""
rforum = restricted_forum()
thread(forum=rforum, save=True)
u = user(save=True)
self.client.login(username=u.username, password='******')
response = post(self.client,
'forums.new_thread', {
'title': 'Blahs',
'content': 'Blahs'
},
args=[rforum.slug])
eq_(404, response.status_code)
def test_discussion_forum_with_restricted_forums(self):
"""Tests who can see restricted forums in search form."""
# This is a long test, but it saves us from doing the setup
# twice.
forum1 = forum(name=u'ou812forum', save=True)
thread1 = thread(forum=forum1, title=u'audio 2', save=True)
post(thread=thread1, save=True)
forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
thread2 = thread(forum=forum2, title=u'audio 2', save=True)
post(thread=thread2, save=True)
self.refresh()
# Get the Advanced Search Form as an anonymous user
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Regular forum should show up
assert 'ou812forum' in response.content
# Restricted forum should not show up
assert 'restrictedkeepout' not in response.content
u = user(save=True)
g = group(save=True)
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
permission(codename='forums_forum.view_in_forum',
content_type=ct,
object_id=forum2.id,
group=g,
save=True)
# Get the Advanced Search Form as a logged in user
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Both forums should show up for authorized user
assert 'ou812forum' in response.content
assert 'restrictedkeepout' in response.content
def test_discussion_forum_with_restricted_forums(self):
"""Tests who can see restricted forums in search form."""
# This is a long test, but it saves us from doing the setup
# twice.
forum1 = forum(name=u'ou812forum', save=True)
thread1 = thread(forum=forum1, title=u'audio 2', save=True)
post(thread=thread1, save=True)
forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
thread2 = thread(forum=forum2, title=u'audio 2', save=True)
post(thread=thread2, save=True)
self.refresh()
# Get the Advanced Search Form as an anonymous user
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Regular forum should show up
assert 'ou812forum' in response.content
# Restricted forum should not show up
assert 'restrictedkeepout' not in response.content
u = user(save=True)
g = group(save=True)
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
permission(codename='forums_forum.view_in_forum', content_type=ct,
object_id=forum2.id, group=g, save=True)
# Get the Advanced Search Form as a logged in user
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Both forums should show up for authorized user
assert 'ou812forum' in response.content
assert 'restrictedkeepout' in response.content
