Ejemplo n.º 1
0
    def test_has_perm_per_object(self):
        """Assert has_perm checks per-object permissions correctly."""
        from kitsune.forums.tests import restricted_forum
        f1 = restricted_forum()
        f2 = restricted_forum()

        # Give user permission to one of the forums
        u = user(save=True)
        perm = 'forums_forum.view_in_forum'
        ct = ContentType.objects.get_for_model(f1)
        permission(codename=perm, content_type=ct,
                   object_id=f1.id, user=u, save=True)
        assert access.has_perm(u, perm, f1)
        assert not access.has_perm(u, perm, f2)
Ejemplo n.º 2
0
    def test_read_without_permission(self):
        """Listing posts without the view_in_forum permission should 404."""
        rforum = restricted_forum()
        t = thread(forum=rforum, save=True)

        response = get(self.client, 'forums.posts', args=[t.forum.slug, t.id])
        eq_(404, response.status_code)
Ejemplo n.º 3
0
    def test_admin_perm_thread(self):
        """Super user can do anything on any forum."""
        from kitsune.forums.tests import restricted_forum
        f1 = restricted_forum()
        f2 = restricted_forum()

        admin = user(is_staff=True, is_superuser=True, save=True)

        # Loop over all forums perms and both forums
        perms = ('thread_edit_forum', 'thread_delete_forum', 'post_edit_forum',
                 'thread_sticky_forum', 'thread_locked_forum',
                 'post_delete_forum', 'view_in_forum')

        for perm in perms:
            for forum in [f1, f2]:
                assert access.has_perm(admin, 'forums_forum.' + perm, forum)
Ejemplo n.º 4
0
    def test_read_without_permission(self):
        """Listing threads without the view_in_forum permission should 404.
        """
        rforum = restricted_forum()

        response = get(self.client, 'forums.threads', args=[rforum.slug])
        eq_(404, response.status_code)
Ejemplo n.º 5
0
    def test_read_without_permission(self):
        """Listing posts without the view_in_forum permission should 404."""
        rforum = restricted_forum()
        t = thread(forum=rforum, save=True)

        response = get(self.client, 'forums.posts', args=[t.forum.slug, t.id])
        eq_(404, response.status_code)
Ejemplo n.º 6
0
    def test_admin_perm_thread(self):
        """Super user can do anything on any forum."""
        from kitsune.forums.tests import restricted_forum
        f1 = restricted_forum()
        f2 = restricted_forum()

        admin = user(is_staff=True, is_superuser=True, save=True)

        # Loop over all forums perms and both forums
        perms = ('thread_edit_forum', 'thread_delete_forum', 'post_edit_forum',
                 'thread_sticky_forum', 'thread_locked_forum',
                 'post_delete_forum', 'view_in_forum')

        for perm in perms:
            for forum in [f1, f2]:
                assert access.has_perm(admin, 'forums_forum.' + perm, forum)
Ejemplo n.º 7
0
    def test_forums_search_authorized_forums(self):
        """Only authorized people can search certain forums"""
        # Create two threads: one in a restricted forum and one not.
        forum1 = forum(name=u'ou812forum', save=True)
        thread1 = thread(forum=forum1, save=True)
        post(thread=thread1, content=u'audio', save=True)

        forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
        thread2 = thread(forum=forum2, save=True)
        post(thread=thread2, content=u'audio restricted', save=True)

        self.refresh()

        # Do a search as an anonymous user but don't specify the
        # forums to filter on. Should only see one of the posts.
        response = self.client.get(reverse('search'), {
            'author': '',
            'created': '0',
            'created_date': '',
            'updated': '0',
            'updated_date': '',
            'sortby': '0',
            'a': '1',
            'w': '4',
            'q': 'audio',
            'format': 'json'
        })

        eq_(200, response.status_code)
        content = json.loads(response.content)
        eq_(content['total'], 1)

        # Do a search as an authorized user but don't specify the
        # forums to filter on. Should see both posts.
        u = user(save=True)
        g = group(save=True)
        g.user_set.add(u)
        ct = ContentType.objects.get_for_model(forum2)
        permission(codename='forums_forum.view_in_forum', content_type=ct,
                   object_id=forum2.id, group=g, save=True)

        self.client.login(username=u.username, password='******')
        response = self.client.get(reverse('search'), {
            'author': '',
            'created': '0',
            'created_date': '',
            'updated': '0',
            'updated_date': '',
            'sortby': '0',
            'a': '1',
            'w': '4',
            'q': 'audio',
            'format': 'json'
        })

        # Sees both results
        eq_(200, response.status_code)
        content = json.loads(response.content)
        eq_(content['total'], 2)
Ejemplo n.º 8
0
    def test_forums_search_authorized_forums(self):
        """Only authorized people can search certain forums"""
        # Create two threads: one in a restricted forum and one not.
        forum1 = forum(name=u'ou812forum', save=True)
        thread1 = thread(forum=forum1, save=True)
        post(thread=thread1, content=u'audio', save=True)

        forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
        thread2 = thread(forum=forum2, save=True)
        post(thread=thread2, content=u'audio restricted', save=True)

        self.refresh()

        # Do a search as an anonymous user but don't specify the
        # forums to filter on. Should only see one of the posts.
        response = self.client.get(reverse('search'), {
            'author': '',
            'created': '0',
            'created_date': '',
            'updated': '0',
            'updated_date': '',
            'sortby': '0',
            'a': '1',
            'w': '4',
            'q': 'audio',
            'format': 'json'
        })

        eq_(200, response.status_code)
        content = json.loads(response.content)
        eq_(content['total'], 1)

        # Do a search as an authorized user but don't specify the
        # forums to filter on. Should see both posts.
        u = user(save=True)
        g = group(save=True)
        g.user_set.add(u)
        ct = ContentType.objects.get_for_model(forum2)
        permission(codename='forums_forum.view_in_forum', content_type=ct,
                   object_id=forum2.id, group=g, save=True)

        self.client.login(username=u.username, password='******')
        response = self.client.get(reverse('search'), {
            'author': '',
            'created': '0',
            'created_date': '',
            'updated': '0',
            'updated_date': '',
            'sortby': '0',
            'a': '1',
            'w': '4',
            'q': 'audio',
            'format': 'json'
        })

        # Sees both results
        eq_(200, response.status_code)
        content = json.loads(response.content)
        eq_(content['total'], 2)
Ejemplo n.º 9
0
    def test_read_without_permission(self):
        """Listing threads without the view_in_forum permission should 404.
        """
        rforum = restricted_forum()

        response = get(self.client, 'forums.threads',
                       args=[rforum.slug])
        eq_(404, response.status_code)
Ejemplo n.º 10
0
    def test_has_perm_per_object(self):
        """Assert has_perm checks per-object permissions correctly."""
        from kitsune.forums.tests import restricted_forum
        f1 = restricted_forum()
        f2 = restricted_forum()

        # Give user permission to one of the forums
        u = user(save=True)
        perm = 'forums_forum.view_in_forum'
        ct = ContentType.objects.get_for_model(f1)
        permission(codename=perm,
                   content_type=ct,
                   object_id=f1.id,
                   user=u,
                   save=True)
        assert access.has_perm(u, perm, f1)
        assert not access.has_perm(u, perm, f2)
Ejemplo n.º 11
0
    def test_reply_without_view_permission(self):
        """Posting without view_in_forum permission should 404."""
        rforum = restricted_forum()
        t = thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = post(self.client, 'forums.reply', {'content': 'Blahs'},
                        args=[t.forum.slug, t.id])
        eq_(404, response.status_code)
Ejemplo n.º 12
0
    def test_reply_without_view_permission(self):
        """Posting without view_in_forum permission should 404."""
        rforum = restricted_forum()
        t = thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = post(self.client,
                        'forums.reply', {'content': 'Blahs'},
                        args=[t.forum.slug, t.id])
        eq_(404, response.status_code)
Ejemplo n.º 13
0
    def test_watch_forum_without_permission(self):
        """Watching forums without the view_in_forum permission should 404.
        """
        rforum = restricted_forum()
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = self.client.post(reverse('forums.watch_forum',
                                            args=[rforum.slug]),
                                    {'watch': 'yes'}, follow=False)
        eq_(404, response.status_code)
Ejemplo n.º 14
0
    def test_new_thread_without_view_permission(self):
        """Making a new thread without view permission should 404."""
        rforum = restricted_forum()
        thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = post(self.client, 'forums.new_thread',
                        {'title': 'Blahs', 'content': 'Blahs'},
                        args=[rforum.slug])
        eq_(404, response.status_code)
Ejemplo n.º 15
0
    def test_reply_without_post_permission(self):
        """Posting without post_in_forum permission should 403."""
        rforum = restricted_forum(permission_code='forums_forum.post_in_forum')
        t = thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
            response = post(self.client,
                            'forums.reply', {'content': 'Blahs'},
                            args=[t.forum.slug, t.id])
        eq_(403, response.status_code)
Ejemplo n.º 16
0
    def test_perm_is_defined_on(self):
        """Test permission relationship

        Test whether we check for permission relationship, independent
        of whether the permission is actually assigned to anyone.
        """
        from kitsune.forums.tests import forum, restricted_forum
        f1 = restricted_forum()
        f2 = forum(save=True)
        perm = 'forums_forum.view_in_forum'
        assert access.perm_is_defined_on(perm, f1)
        assert not access.perm_is_defined_on(perm, f2)
Ejemplo n.º 17
0
    def test_watch_forum_without_permission(self):
        """Watching forums without the view_in_forum permission should 404.
        """
        rforum = restricted_forum()
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = self.client.post(reverse('forums.watch_forum',
                                            args=[rforum.slug]),
                                    {'watch': 'yes'},
                                    follow=False)
        eq_(404, response.status_code)
Ejemplo n.º 18
0
    def test_perm_is_defined_on(self):
        """Test permission relationship

        Test whether we check for permission relationship, independent
        of whether the permission is actually assigned to anyone.
        """
        from kitsune.forums.tests import forum, restricted_forum
        f1 = restricted_forum()
        f2 = forum(save=True)
        perm = 'forums_forum.view_in_forum'
        assert access.perm_is_defined_on(perm, f1)
        assert not access.perm_is_defined_on(perm, f2)
Ejemplo n.º 19
0
    def test_new_thread_without_post_permission(self):
        """Making a new thread without post permission should 403."""
        rforum = restricted_forum(
            permission_code='forums_forum.post_in_forum')
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
            response = post(self.client, 'forums.new_thread',
                            {'title': 'Blahs', 'content': 'Blahs'},
                            args=[rforum.slug])
        eq_(403, response.status_code)
Ejemplo n.º 20
0
    def test_reply_without_post_permission(self):
        """Posting without post_in_forum permission should 403."""
        rforum = restricted_forum(
            permission_code='forums_forum.post_in_forum')
        t = thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
            response = post(self.client, 'forums.reply', {'content': 'Blahs'},
                            args=[t.forum.slug, t.id])
        eq_(403, response.status_code)
Ejemplo n.º 21
0
    def test_new_thread_without_post_permission(self):
        """Making a new thread without post permission should 403."""
        rforum = restricted_forum(permission_code='forums_forum.post_in_forum')
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        with patch.object(Forum, 'allows_viewing_by', Mock(return_value=True)):
            response = post(self.client,
                            'forums.new_thread', {
                                'title': 'Blahs',
                                'content': 'Blahs'
                            },
                            args=[rforum.slug])
        eq_(403, response.status_code)
Ejemplo n.º 22
0
    def test_new_thread_without_view_permission(self):
        """Making a new thread without view permission should 404."""
        rforum = restricted_forum()
        thread(forum=rforum, save=True)
        u = user(save=True)

        self.client.login(username=u.username, password='******')
        response = post(self.client,
                        'forums.new_thread', {
                            'title': 'Blahs',
                            'content': 'Blahs'
                        },
                        args=[rforum.slug])
        eq_(404, response.status_code)
Ejemplo n.º 23
0
    def test_discussion_forum_with_restricted_forums(self):
        """Tests who can see restricted forums in search form."""
        # This is a long test, but it saves us from doing the setup
        # twice.
        forum1 = forum(name=u'ou812forum', save=True)
        thread1 = thread(forum=forum1, title=u'audio 2', save=True)
        post(thread=thread1, save=True)

        forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
        thread2 = thread(forum=forum2, title=u'audio 2', save=True)
        post(thread=thread2, save=True)

        self.refresh()

        # Get the Advanced Search Form as an anonymous user
        response = self.client.get(reverse('search.advanced'), {'a': '2'})
        eq_(200, response.status_code)

        # Regular forum should show up
        assert 'ou812forum' in response.content

        # Restricted forum should not show up
        assert 'restrictedkeepout' not in response.content

        u = user(save=True)
        g = group(save=True)
        g.user_set.add(u)
        ct = ContentType.objects.get_for_model(forum2)
        permission(codename='forums_forum.view_in_forum',
                   content_type=ct,
                   object_id=forum2.id,
                   group=g,
                   save=True)

        # Get the Advanced Search Form as a logged in user
        self.client.login(username=u.username, password='******')
        response = self.client.get(reverse('search.advanced'), {'a': '2'})
        eq_(200, response.status_code)

        # Both forums should show up for authorized user
        assert 'ou812forum' in response.content
        assert 'restrictedkeepout' in response.content
Ejemplo n.º 24
0
    def test_discussion_forum_with_restricted_forums(self):
        """Tests who can see restricted forums in search form."""
        # This is a long test, but it saves us from doing the setup
        # twice.
        forum1 = forum(name=u'ou812forum', save=True)
        thread1 = thread(forum=forum1, title=u'audio 2', save=True)
        post(thread=thread1, save=True)

        forum2 = restricted_forum(name=u'restrictedkeepout', save=True)
        thread2 = thread(forum=forum2, title=u'audio 2', save=True)
        post(thread=thread2, save=True)

        self.refresh()

        # Get the Advanced Search Form as an anonymous user
        response = self.client.get(reverse('search.advanced'), {'a': '2'})
        eq_(200, response.status_code)

        # Regular forum should show up
        assert 'ou812forum' in response.content

        # Restricted forum should not show up
        assert 'restrictedkeepout' not in response.content

        u = user(save=True)
        g = group(save=True)
        g.user_set.add(u)
        ct = ContentType.objects.get_for_model(forum2)
        permission(codename='forums_forum.view_in_forum', content_type=ct,
                   object_id=forum2.id, group=g, save=True)

        # Get the Advanced Search Form as a logged in user
        self.client.login(username=u.username, password='******')
        response = self.client.get(reverse('search.advanced'), {'a': '2'})
        eq_(200, response.status_code)

        # Both forums should show up for authorized user
        assert 'ou812forum' in response.content
        assert 'restrictedkeepout' in response.content