class EntryDeleteViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(username='******')
self.user.set_password('password')
self.other = PersonaFactory(username='******')
self.user.save()
self.other.save()
self.entry = EntryFactory(title='かわずたんだよ☆', author=self.user)
def test_anonymous_user_can_not_delete_via_delete_view(self):
'''非ログインユーザーは記事の削除ができない'''
r = self.client.post('/blogs/author_kawaztan/1/delete/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/author_kawaztan/1/delete/')
self.assertEqual(self.entry.title, 'かわずたんだよ☆')
def test_other_user_cannot_delete_via_delete_view(self):
'''作者以外のユーザーは記事の削除ができない'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/blogs/author_kawaztan/1/delete/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/author_kawaztan/1/delete/')
self.assertEqual(self.entry.title, 'かわずたんだよ☆')
def test_author_can_delete_via_delete_view(self):
'''作者は記事を削除できる'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/blogs/author_kawaztan/1/delete/')
self.assertRedirects(r, '/blogs/')
self.assertEqual(Entry.objects.count(), 0)
class ProjectJoinViewTestCase(TestCase):
def setUp(self):
self.project = ProjectFactory()
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_cannnot_join_project(self):
'''
Tests anonymous users attempt to access to ProjectJoinViewTestCase with GET method,
redirects to Login page.
'''
r = self.client.get('/projects/1/join/')
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, '/projects/1/join/'))
def test_get_method_is_not_allowed(self):
'''
Tests authorized attempt to access to ProjectJoinViewTestCase with GET method,
it returns 405
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/projects/1/join/')
self.assertEqual(r.status_code, 405)
def test_user_can_join_project_via_project_join_view(self):
'''
Tests user can join to project via ProjectJoinView
then redirects to project permalinks
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/1/join/')
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(self.project.members.count(), 2)
self.assertTrue(self.user in self.project.members.all())
class EntryAuthorMonthArchiveViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.entries = (
EntryFactory(),
EntryFactory(author=self.user),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='protected', author=self.user),
EntryFactory(pub_state='draft'),
)
def test_anonymous_can_view_only_public_entries_of_the_author(self):
'''
Tests anonymous user can view public Entry written by specific author in the month only.
The protected entries are not displayed.
'''
user = AnonymousUser()
entry = self.entries[0]
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/{2}/'.format(self.user.username, lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[1])
def test_wille_can_view_only_public_entries_of_the_author(self):
'''
Tests wille user can view public Entry written by specific author in the month only.
The protected entries are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
entry = self.entries[0]
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/{2}/'.format(self.user.username, lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[1])
def test_authenticated_can_view_all_publish_entries_of_the_author(self):
'''
Tests authenticated user can view all published entries written by specific author in the month.
'''
entry = self.entries[0]
self.assertTrue(self.client.login(username=self.user, password='******'))
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/{2}/'.format(self.user.username, lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two entries')
self.assertEqual(list[0], self.entries[3], 'protected')
self.assertEqual(list[1], self.entries[1], 'public')
class EntryMonthArchiveViewTestCase(TestCase):
def setUp(self):
self.entries = (
EntryFactory(),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_can_view_only_public_entries(self):
'''
Tests anonymous user can view public Entry written in the month only.
The protected entries are not displayed.
'''
user = AnonymousUser()
entry = self.entries[0]
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/'.format(lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_wille_can_view_only_public_entries(self):
'''
Tests wille user can view public Entry written in the month only.
The protected entries are not displayed.
'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
entry = self.entries[0]
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/'.format(lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_authenticated_can_view_all_publish_entries(self):
'''
Tests authenticated user can view all published entries written in the month.
'''
entry = self.entries[0]
self.assertTrue(
self.client.login(username=self.user, password='******'))
lt = get_local_time(entry.published_at)
r = self.client.get('/blogs/{0}/{1}/'.format(lt.year, lt.month))
self.assertTemplateUsed('blogs/entry_archive_month.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two entries')
self.assertEqual(list[0], self.entries[1], 'protected')
self.assertEqual(list[1], self.entries[0], 'public')
class AnnouncementListViewTestCase(TestCase):
def setUp(self):
self.announcements = (
AnnouncementFactory(),
AnnouncementFactory(pub_state='protected'),
AnnouncementFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_can_view_only_public_announcements(self):
'''
Tests anonymous user can view public Announcement only.
The protected announcements are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one announcement')
self.assertEqual(list[0], self.announcements[0])
def test_wille_can_view_only_public_announcements(self):
'''
Tests wille user can view public Announcement only.
The protected announcements are not displayed.
'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one announcement')
self.assertEqual(list[0], self.announcements[0])
def test_authenticated_can_view_all_publish_announcements(self):
'''
Tests authenticated user can view all published announcements.
'''
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two announcements')
self.assertTrue(self.announcements[1] in list)
self.assertTrue(self.announcements[0] in list)
def test_paginate_by(self):
"""
paginator_byが5件にセットされている
"""
self.assertEqual(AnnouncementListView.paginate_by, 5)
class EntryDetailViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_user_can_view_public_entry(self):
'''Tests anonymous user can view public entry'''
entry = EntryFactory()
r = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(r, 'blogs/entry_detail.html')
self.assertEqual(r.context_data['object'], entry)
def test_authorized_user_can_view_public_entry(self):
'''Tests authorized user can view public entry'''
entry = EntryFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(r, 'blogs/entry_detail.html')
self.assertEqual(r.context_data['object'], entry)
def test_anonymous_user_can_not_view_protected_entry(self):
'''Tests anonymous user can not view protected entry'''
entry = EntryFactory(pub_state='protected')
r = self.client.get(entry.get_absolute_url())
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, entry.get_absolute_url()))
def test_authorized_user_can_view_protected_entry(self):
'''Tests authorized user can view public entry'''
entry = EntryFactory(pub_state='protected')
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(r, 'blogs/entry_detail.html')
self.assertEqual(r.context_data['object'], entry)
def test_anonymous_user_can_not_view_draft_entry(self):
'''Tests anonymous user can not view draft entry'''
entry = EntryFactory(pub_state='draft')
r = self.client.get(entry.get_absolute_url())
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, entry.get_absolute_url()))
def test_others_can_not_view_draft_entry(self):
'''
Tests others can not view draft entry
User will redirect to '/entries/1/update/'
'''
entry = EntryFactory(pub_state='draft')
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(entry.get_absolute_url())
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/{}/1/update/'.format(entry.author.username))
def test_organizer_can_view_draft_entry(self):
'''Tests organizer can view draft entry on update view'''
entry = EntryFactory(pub_state='draft', author=self.user)
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(r, 'blogs/entry_form.html')
self.assertEqual(r.context_data['object'], entry)
class EntryAuthorTodayArchiveViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.entries = (
EntryFactory(),
EntryFactory(author=self.user),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='protected', author=self.user),
EntryFactory(pub_state='draft'),
)
def test_anonymous_can_view_only_public_entries_of_the_author(self):
'''
Tests anonymous user can view public Entry written by specific author on today only.
The protected entries are not displayed.
'''
entry = self.entries[0]
r = self.client.get('/blogs/{}/today/'.format(self.user.username))
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[1])
def test_wille_can_view_only_public_entries_of_the_author(self):
'''
Tests wille user can view public Entry written by specific author on today only.
The protected entries are not displayed.
'''
entry = self.entries[0]
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.get('/blogs/{}/today/'.format(self.user.username))
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[1])
def test_authenticated_can_view_all_publish_entries_of_the_author(self):
'''
Tests authenticated user can view all published entries written by specific author on today.
'''
entry = self.entries[0]
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/{}/today/'.format(self.user.username))
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two entries')
self.assertEqual(list[0], self.entries[3], 'protected')
self.assertEqual(list[1], self.entries[1], 'public')
class AnnouncementListViewTestCase(TestCase):
def setUp(self):
self.announcements = (
AnnouncementFactory(),
AnnouncementFactory(pub_state='protected'),
AnnouncementFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_can_view_only_public_announcements(self):
'''
Tests anonymous user can view public Announcement only.
The protected announcements are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one announcement')
self.assertEqual(list[0], self.announcements[0])
def test_wille_can_view_only_public_announcements(self):
'''
Tests wille user can view public Announcement only.
The protected announcements are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one announcement')
self.assertEqual(list[0], self.announcements[0])
def test_authenticated_can_view_all_publish_announcements(self):
'''
Tests authenticated user can view all published announcements.
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/announcements/')
self.assertTemplateUsed('announcements/announcement_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two announcements')
self.assertTrue(self.announcements[1] in list)
self.assertTrue(self.announcements[0] in list)
def test_paginate_by(self):
"""
paginator_byが5件にセットされている
"""
self.assertEqual(AnnouncementListView.paginate_by, 5)
class EventListViewTestCase(TestCase):
def setUp(self):
arguments_list = (
(-3, -2, {'pub_state':'public'}), # 2000/9/1 ~ 2000/9/2
(1, 2, {'pub_state':'public'}), # 2000/9/5 ~ 2000/9/6
(-2, -1, {'pub_state':'protected'}), # 2000/9/3 ~ 2000/9/4
(0, 1, {'pub_state':'protected'}), # 2000/9/4 ~ 2000/9/5
(-3, -2, {'pub_state':'draft'}), # 2000/9/2 ~ 2000/9/3
(1, 2, {'pub_state':'draft'}), # 2000/9/5 ~ 2000/9/6
)
self.events = [event_factory_with_relative(*args)
for args in arguments_list]
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_can_view_only_public_events(self):
'''
Tests anonymous user can view public Events only.
The protected events are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/events/')
self.assertTemplateUsed('events/event_list.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one event')
self.assertEqual(list[0], self.events[1], '2000/9/5 ~ 6 public')
def test_authenticated_can_view_all_publish_events(self):
'''
Tests authenticated user can view all published events.
'''
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.get('/events/')
self.assertTemplateUsed('events/event_list.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two events')
self.assertEqual(list[0], self.events[3], '2000/9/5 ~ 6 protected')
self.assertEqual(list[1], self.events[1], '2000/9/5 ~ 6 public')
def test_list_with_categories(self):
"""
イベントリストでCategoryのfilterが有効になっている
"""
category = CategoryFactory()
event1 = EventFactory(category=category)
event2 = EventFactory()
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.get('/events/?category={}'.format(category.pk))
self.assertTemplateUsed(r, 'events/event_list.html')
self.assertEqual(r.context['filter'].qs.count(), 1)
self.assertTrue(event1 in r.context['filter'].qs)
class EntryAuthorYearArchiveViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.entries = (
EntryFactory(),
EntryFactory(author=self.user),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='protected', author=self.user),
EntryFactory(pub_state='draft'),
)
def test_anonymous_can_view_only_public_entries_of_the_author(self):
'''
Tests anonymous user can view public Entry written by specific author in the year only.
The protected entries are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/blogs/{0}/{1}/'.format(
self.user.username, self.entries[0].published_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
def test_wille_can_view_only_public_entries_of_the_author(self):
'''
Tests wille user can view public Entry written by specific author in the year only.
The protected entries are not displayed.
'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.get('/blogs/{0}/{1}/'.format(
self.user.username, self.entries[0].published_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
def test_authenticated_can_view_all_publish_entries_of_the_author(self):
'''
Tests authenticated user can view all published entries written by specific author in the year.
'''
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/{0}/{1}/'.format(
self.user.username, self.entries[0].published_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
class EntryTodayArchiveViewTestCase(TestCase):
def setUp(self):
self.entries = (
EntryFactory(),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_can_view_only_public_entries(self):
'''
Tests anonymous user can view public Entry written on today only.
The protected entries are not displayed.
'''
entry = self.entries[0]
user = AnonymousUser()
r = self.client.get('/blogs/today/')
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_wille_can_view_only_public_entries(self):
'''
Tests wille user can view public Entry written on today only.
The protected entries are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
entry = self.entries[0]
r = self.client.get('/blogs/today/')
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_authenticated_can_view_all_publish_entries(self):
'''
Tests authenticated user can view all published entries written on today.
'''
entry = self.entries[0]
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/today/')
self.assertTemplateUsed('blogs/entry_archive_day.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two entries')
self.assertEqual(list[0], self.entries[1], 'protected')
self.assertEqual(list[1], self.entries[0], 'public')
class ProjectListViewTestCase(TestCase):
def setUp(self):
self.projects = (
ProjectFactory(),
ProjectFactory(pub_state='protected'),
ProjectFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_can_view_only_public_projects(self):
'''
Tests anonymous user can view public Project only.
The protected projects are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/projects/')
self.assertTemplateUsed('projects/project_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one project')
self.assertEqual(list[0], self.projects[0])
def test_wille_can_view_only_public_projects(self):
'''
Tests wille user can view public Project only.
The protected projects are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/projects/')
self.assertTemplateUsed('projects/project_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one project')
self.assertEqual(list[0], self.projects[0])
def test_authenticated_can_view_all_publish_projects(self):
'''
Tests authenticated user can view all published projects.
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/projects/')
self.assertTemplateUsed('projects/project_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two projects')
self.assertEqual(list[0], self.projects[1], 'protected')
self.assertEqual(list[1], self.projects[0], 'public')
class EntryAuthorYearArchiveViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.entries = (
EntryFactory(),
EntryFactory(author=self.user),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='protected', author=self.user),
EntryFactory(pub_state='draft'),
)
def test_anonymous_can_view_only_public_entries_of_the_author(self):
'''
Tests anonymous user can view public Entry written by specific author in the year only.
The protected entries are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/blogs/{0}/{1}/'.format(self.user.username, self.entries[0].publish_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
def test_wille_can_view_only_public_entries_of_the_author(self):
'''
Tests wille user can view public Entry written by specific author in the year only.
The protected entries are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/blogs/{0}/{1}/'.format(self.user.username, self.entries[0].publish_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
def test_authenticated_can_view_all_publish_entries_of_the_author(self):
'''
Tests authenticated user can view all published entries written by specific author in the year.
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/{0}/{1}/'.format(self.user.username, self.entries[0].publish_at.year))
self.assertTemplateUsed('blogs/entry_archive_year.html')
self.assertTrue('date_list' in r.context_data)
list = r.context_data['date_list']
self.assertEqual(list.count(), 1, 'date_list has one month')
class ProjectDeleteViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.other = PersonaFactory()
self.other.set_password('password')
self.other.save()
self.project = ProjectFactory(administrator=self.user)
def test_administrator_can_delete_via_project_delete_view(self):
'''
Tests administrators can delete its own projects via ProjectDeleteView
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/1/delete/', {})
self.assertEqual(Project.objects.count(), 0)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_member_cannot_delete_via_project_delete_view(self):
'''
Tests members cannot delete its projects via ProjectDeleteView
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
self.project.join(self.other)
r = self.client.post('/projects/1/delete/', {})
self.assertEqual(Project.objects.count(), 1)
def test_other_cannot_delete_via_project_delete_view(self):
'''
Tests others cannot delete projects via ProjectDeleteView
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/projects/1/delete/', {})
self.assertEqual(Project.objects.count(), 1)
def test_wille_cannot_delete_via_project_delete_view(self):
'''
Tests wille cannot delete projects via ProjectDeleteView
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/projects/1/delete/', {})
self.assertEqual(Project.objects.count(), 1)
def test_anonymous_cannot_delete_via_project_delete_view(self):
'''
Tests anonymous cannot delete projects via ProjectDeleteView
'''
r = self.client.post('/projects/1/delete/', {})
self.assertEqual(Project.objects.count(), 1)
class AnnouncementCreateViewTestCase(ViewTestCaseBase):
template_path = 'announcements/announcement_form.html'
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.nerv = PersonaFactory(role='nerv')
self.nerv.set_password('password')
self.nerv.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_reverse_url(self):
"""
AnnouncementCreateViewの逆引き
"""
self.assertEqual(
reverse('announcements_announcement_create'),
'/announcements/create/',
)
def test_anonymous_user_can_not_create_view(self):
'''Tests anonymous user can not view AnnouncementCreateView'''
r = self.client.get('/announcements/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_wille_user_can_not_view_announcement_create_view(self):
'''Tests wille user can not view AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_general_user_can_not_view_announcement_create_view(self):
'''Tests general user can not view AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/announcements/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_staff_user_can_view_announcement_create_view(self):
'''Tests staff user can view AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.get('/announcements/create/')
self.assertTemplateUsed(r, 'announcements/announcement_form.html')
self.assertFalse('object' in r.context_data)
def test_anonymous_user_can_not_create_via_create_view(self):
'''Tests anonymous user can not create announcement via AnnouncementCreateView'''
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_wille_user_can_not_create_via_create_view(self):
'''Tests wille user can not create announcement via AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_staff_user_can_create_via_create_view(self):
'''Tests staff user can create announcement via AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.title, '【悲報】データ消えました')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_authorized_user_can_create_via_create_view(self):
'''Tests authorized user can create announcement via AnnouncementCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_set_last_modifier_user(self):
"""
お知らせを作成したときにlast_modifierとauthorがセットされる
"""
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.nerv)
self.assertEqual(e.last_modifier, self.nerv)
def test_staffs_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In announcement creation form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/create/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
'author' : other.pk
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.nerv)
self.assertNotEqual(e.author, other)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class AnnouncementDeleteViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(role='nerv')
self.user.set_password('password')
self.user.save()
self.nerv = PersonaFactory(role='nerv')
self.nerv.set_password('password')
self.nerv.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.other = PersonaFactory()
self.other.set_password('password')
self.other.save()
self.announcement = AnnouncementFactory(author=self.user)
def test_author_can_delete_via_announcement_delete_view(self):
'''
Tests author can delete its own announcements via AnnouncementDeleteView
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertRedirects(r, '/announcements/')
self.assertEqual(Announcement.objects.count(), 0)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_staff_can_delete_via_announcement_delete_view(self):
'''
Tests members can delete its announcements via AnnouncementDeleteView
'''
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertRedirects(r, '/announcements/')
self.assertEqual(Announcement.objects.count(), 0)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_other_cannot_delete_via_announcement_delete_view(self):
'''
Tests others cannot delete announcements via AnnouncementDeleteView
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
def test_wille_cannot_delete_via_announcement_delete_view(self):
'''
Tests wille cannot delete announcements via AnnouncementDeleteView
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
def test_anonymous_cannot_delete_via_announcement_delete_view(self):
'''
Tests anonymous cannot delete announcements via AnnouncementDeleteView
'''
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
class EntryCreateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_user_can_not_create_view(self):
'''Tests anonymous user can not view EntryCreateView'''
r = self.client.get('/blogs/{}/create/'.format(self.user.username))
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/{}/create/'.format(self.user.username))
def test_authorized_user_can_view_entry_create_view(self):
'''Tests authorized user can view EntryCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/{}/create/'.format(self.user.username))
self.assertTemplateUsed(r, 'blogs/entry_form.html')
self.assertFalse('object' in r.context_data)
def test_anonymous_user_can_not_create_via_create_view(self):
'''Tests anonymous user can not create entry via EntryCreateView'''
r = self.client.post('/blogs/{}/create/'.format(self.user.username), {
'pub_state' : 'public',
'title' : '日記です',
'body' : '天気が良かったです',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/{}/create/'.format(self.user.username))
def test_authorized_user_can_create_via_create_view(self):
'''Tests authorized user can create entry via EntryCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/blogs/{}/create/'.format(self.user.username), {
'pub_state' : 'public',
'title' : '日記です',
'body' : '天気が良かったです',
})
today = datetime.date.today()
self.assertRedirects(r, '/blogs/{0}/{1}/{2}/{3}/1/'.format(self.user.username, today.year, today.month, today.day))
self.assertEqual(Entry.objects.count(), 1)
e = Entry.objects.get(pk=1)
self.assertEqual(e.title, '日記です')
def test_user_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In entry creation form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/blogs/{0}/create/'.format(self.user.username), {
'pub_state' : 'public',
'title' : '日記です',
'body' : '天気が良かったです',
'author' : other.pk # crackers attempt to masquerade
})
today = datetime.date.today()
self.assertRedirects(r, '/blogs/{0}/{1}/{2}/{3}/1/'.format(self.user.username, today.year, today.month, today.day))
self.assertEqual(Entry.objects.count(), 1)
e = Entry.objects.get(pk=1)
self.assertEqual(e.author, self.user)
self.assertNotEqual(e.author, other)
class ProjectCreateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.category = CategoryFactory()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_user_can_not_create_view(self):
'''Tests anonymous user can not view ProjectCreateView'''
r = self.client.get('/projects/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/create/')
def test_wille_user_can_not_view_project_create_view(self):
'''Tests wille user can not view ProjectCreateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/projects/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/create/')
def test_authorized_user_can_view_project_create_view(self):
'''Tests authorized user can view ProjectCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/projects/create/')
self.assertTemplateUsed(r, 'projects/project_form.html')
self.assertFalse('object' in r.context_data)
def test_anonymous_user_can_not_create_via_create_view(self):
'''Tests anonymous user can not create project via ProjectCreateView'''
r = self.client.post('/projects/create/', {
'pub_state' : 'public',
'title' : '音楽ファンタジー',
'status' : 'planning',
'body' : 'ルシがファルシでコクーン',
'slug' : 'music-fantasy',
'category' : self.category.pk
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/create/')
def test_wille_user_can_not_create_via_create_view(self):
'''Tests wille user can not create project via ProjectCreateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/projects/create/', {
'pub_state' : 'public',
'title' : '音楽ファンタジー',
'status' : 'planning',
'body' : 'ルシがファルシでコクーン',
'slug' : 'music-fantasy',
'category' : self.category.pk
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/create/')
def test_authorized_user_can_create_via_create_view(self):
'''Tests authorized user can create project via ProjectCreateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/create/', {
'pub_state' : 'public',
'title' : '音楽ファンタジー',
'status' : 'planning',
'body' : 'ルシがファルシでコクーン',
'slug' : 'music-fantasy',
'category' : self.category.pk
})
self.assertRedirects(r, '/projects/music-fantasy/')
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.title, '音楽ファンタジー')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_authorized_user_can_create_via_create_view(self):
'''
プロジェクト作成時にlast_modifierがセットされる
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/create/', {
'pub_state' : 'public',
'title' : '音楽ファンタジー',
'status' : 'planning',
'body' : 'ルシがファルシでコクーン',
'slug' : 'music-fantasy',
'category' : self.category.pk
})
self.assertRedirects(r, '/projects/music-fantasy/')
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.last_modifier, self.user)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_user_cannot_modify_administrator_id(self):
'''
Tests authorized user cannot modify administrator id.
In project creation form, `administrator` is exist as hidden field.
So user can modify `administrator` to invalid values.
This test checks that `administrator` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/create/', {
'pub_state' : 'public',
'title' : '音楽ファンタジー',
'status' : 'planning',
'body' : 'ルシがファルシでコクーン',
'slug' : 'music-fantasy',
'category' : self.category.pk,
'administrator' : other.pk # crackers attempt to masquerade
})
self.assertRedirects(r, '/projects/music-fantasy/')
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.administrator, self.user)
self.assertNotEqual(e.administrator, other)
class ProjectUpdateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(username='******')
self.user.set_password('password')
self.other = PersonaFactory(username='******')
self.other.set_password('password')
self.user.save()
self.other.save()
self.project = ProjectFactory(title='かわずたんのゲームだよ☆', administrator=self.user)
self.category = CategoryFactory()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_user_can_not_view_project_update_view(self):
'''Tests anonymous user can not view ProjectUpdateView'''
r = self.client.get('/projects/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/1/update/')
def test_wille_user_can_not_view_project_update_view(self):
'''Tests wille user can not view ProjectUpdateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/projects/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/1/update/')
def test_authorized_user_can_view_project_update_view(self):
'''
Tests authorized user can view ProjectUpdateView
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/projects/1/update/')
self.assertTemplateUsed(r, 'projects/project_form.html')
self.assertTrue('object' in r.context_data)
self.assertEqual(r.context_data['object'], self.project)
def test_member_can_view_project_update_view(self):
'''
Tests project members can view ProjectUpdateView
'''
self.project.join(self.other)
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.get('/projects/1/update/')
self.assertTemplateUsed(r, 'projects/project_form.html')
self.assertTrue('object' in r.context_data)
self.assertEqual(r.context_data['object'], self.project)
def test_anonymous_user_can_not_update_via_update_view(self):
'''
Tests anonymous user can not update project via ProjectUpdateView
It will redirect to LOGIN_URL
'''
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'クラッカーだよー',
'body' : 'うえーい',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/1/update/')
self.assertEqual(self.project.title, 'かわずたんのゲームだよ☆')
def test_wille_user_can_not_update_via_update_view(self):
'''
Tests wille user can not update project via ProjectUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : '外部ユーザーだよーん',
'body' : 'うえーい',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/1/update/')
self.assertEqual(self.project.title, 'かわずたんのゲームだよ☆')
def test_other_user_cannot_update_via_update_view(self):
'''
Tests other user cannot update project via ProjectUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'いたずら日記です',
'body' : '黒かわずたんだよーん',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/1/update/')
self.assertEqual(self.project.title, 'かわずたんのゲームだよ☆')
def test_administrator_can_update_via_update_view(self):
'''Tests administrator user can update project via ProjectUpdateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'やっぱり書き換えます!',
'body' : 'うえーい',
'status' : 'planning',
'category' : self.category.pk
})
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.title, 'やっぱり書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_member_can_update_via_update_view(self):
'''Tests project member can update project via ProjectUpdateView'''
self.project.join(self.other)
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'やっぱり書き換えます!',
'body' : 'うえーい',
'status' : 'planning',
'category' : self.category.pk
})
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.title, 'やっぱり書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_set_last_modifier_via_update_view(self):
"""
プロジェクト編集時にlast_modifierがセットされる
"""
self.project.join(self.other)
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'やっぱり書き換えます!',
'body' : 'うえーい',
'status' : 'planning',
'category' : self.category.pk
})
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.last_modifier, self.other)
self.assertNotEqual(e.last_modifier, e.administrator)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_user_cannot_update_slug(self):
'''Tests anyone cannot update prject's slug'''
self.assertTrue(self.client.login(username=self.user, password='******'))
old_slug = self.project.slug
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'やっぱり書き換えます!',
'body' : 'うえーい',
'status' : 'planning',
'category' : self.category.pk,
'slug' : 'new-slug'
})
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.slug, old_slug)
self.assertNotEqual(e.slug, 'new-slug')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_user_cannot_modify_administrator_id(self):
'''
Tests authorized user cannot modify administrator id.
In project update form, `administrator` is exist as hidden field.
So user can modify `administrator` to invalid values.
This test checks that `administrator` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/projects/1/update/', {
'pub_state' : 'public',
'title' : 'ID書き換えます!',
'body' : 'うえーい',
'status' : 'planning',
'category' : self.category.pk,
'administrator' : other.pk # crackers attempt to masquerade
})
self.assertRedirects(r, '/projects/{}/'.format(self.project.slug))
self.assertEqual(Project.objects.count(), 1)
e = Project.objects.get(pk=1)
self.assertEqual(e.administrator, self.user)
self.assertNotEqual(e.administrator, other)
self.assertEqual(e.title, 'ID書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class ProjectDetailViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_user_can_view_public_project(self):
'''Tests anonymous user can view public project'''
project = ProjectFactory()
r = self.client.get(project.get_absolute_url())
self.assertTemplateUsed(r, 'projects/project_detail.html')
self.assertEqual(r.context_data['object'], project)
def test_authorized_user_can_view_public_project(self):
'''Tests authorized user can view public project'''
project = ProjectFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(project.get_absolute_url())
self.assertTemplateUsed(r, 'projects/project_detail.html')
self.assertEqual(r.context_data['object'], project)
def test_anonymous_user_can_not_view_protected_project(self):
'''Tests anonymous user can not view protected project'''
project = ProjectFactory(pub_state='protected')
r = self.client.get(project.get_absolute_url())
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, project.get_absolute_url()))
def test_authorized_user_can_view_protected_project(self):
'''Tests authorized user can view public project'''
project = ProjectFactory(pub_state='protected')
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(project.get_absolute_url())
self.assertTemplateUsed(r, 'projects/project_detail.html')
self.assertEqual(r.context_data['object'], project)
def test_wille_user_can_not_view_protected_project(self):
'''
Tests wille user can not view any protected projects
'''
project = ProjectFactory(pub_state='protected')
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get(project.get_absolute_url())
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, project.get_absolute_url()))
def test_anonymous_user_can_not_view_draft_project(self):
'''Tests anonymous user can not view draft project'''
project = ProjectFactory(pub_state='draft')
r = self.client.get(project.get_absolute_url())
self.assertRedirects(r, '{0}?next={1}'.format(settings.LOGIN_URL, project.get_absolute_url()))
def test_others_can_not_view_draft_project(self):
'''
Tests others can not view draft project
User will redirect to '/projects/1/update/'
'''
project = ProjectFactory(pub_state='draft')
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(project.get_absolute_url())
self.assertRedirects(r, settings.LOGIN_URL + '?next=/projects/{}/update/'.format(project.pk))
def test_administrator_can_view_draft_project(self):
'''Tests administrator can view draft project on update view'''
project = ProjectFactory(pub_state='draft', administrator=self.user)
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get(project.get_absolute_url())
self.assertTemplateUsed(r, 'projects/project_form.html')
self.assertEqual(r.context_data['object'], project)
class EntryListViewTestCase(TestCase):
def setUp(self):
self.entries = (
EntryFactory(),
EntryFactory(pub_state='protected'),
EntryFactory(pub_state='draft'),
)
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_context_has_paginator(self):
"""
EntryListViewのcontextにpaginatorが含まれている
"""
r = self.client.get('/blogs/')
self.assertTrue('page_obj' in r.context)
self.assertTrue('paginator' in r.context)
def test_paginate_by(self):
"""
ProjectListViewでは1ページに5個までしかブログが含まれない
また、ページネーションができていて、次のページには残りのオブジェクトが含まれている
"""
for i in range(7):
EntryFactory()
# setUpで作ったpublic1個と、今作った7個で8こあるはず
r = self.client.get('/blogs/')
object_list = r.context['object_list']
self.assertEqual(len(object_list), 5)
r = self.client.get('/blogs/?page=2')
object_list = r.context['object_list']
self.assertEqual(len(object_list), 3)
def test_anonymous_can_view_only_public_entries(self):
'''
Tests anonymous user can view public Entry only.
The protected entries are not displayed.
'''
user = AnonymousUser()
r = self.client.get('/blogs/')
self.assertTemplateUsed('blogs/entry_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_wille_can_view_only_public_entries(self):
'''
Tests wille user can view public Entry only.
The protected entries are not displayed.
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/blogs/')
self.assertTemplateUsed('blogs/entry_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one entry')
self.assertEqual(list[0], self.entries[0])
def test_authenticated_can_view_all_publish_entries(self):
'''
Tests authenticated user can view all published entries.
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/')
self.assertTemplateUsed('blogs/entry_list.html')
self.assertTrue('object_list' in r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two entries')
self.assertEqual(list[0], self.entries[1], 'protected')
self.assertEqual(list[1], self.entries[0], 'public')
class EntryUpdateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(username='******')
self.user.set_password('password')
self.other = PersonaFactory(username='******')
self.user.save()
self.other.save()
self.entry = EntryFactory(title='かわずたんだよ☆', author=self.user)
def test_anonymous_user_can_not_view_entry_update_view(self):
'''Tests anonymous user can not view EntryUpdateView'''
r = self.client.get('/blogs/author_kawaztan/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/author_kawaztan/1/update/')
def test_authorized_user_can_view_entry_update_view(self):
'''
Tests authorized user can view EntryUpdateView
'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.get('/blogs/author_kawaztan/1/update/')
self.assertTemplateUsed(r, 'blogs/entry_form.html')
self.assertTrue('object' in r.context_data)
self.assertEqual(r.context_data['object'], self.entry)
def test_anonymous_user_can_not_update_via_update_view(self):
'''
Tests anonymous user can not update entry via EntryUpdateView
It will redirect to LOGIN_URL
'''
r = self.client.post('/blogs/author_kawaztan/1/update/', {
'pub_state' : 'public',
'title' : 'クラッカーだよー',
'body' : 'うえーい',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/author_kawaztan/1/update/')
self.assertEqual(self.entry.title, 'かわずたんだよ☆')
def test_other_user_cannot_update_via_update_view(self):
'''
Tests other user cannot update entry via EntryUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/blogs/author_kawaztan/1/update/', {
'pub_state' : 'public',
'title' : 'いたずら日記です',
'body' : '黒かわずたんだよーん',
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/blogs/author_kawaztan/1/update/')
self.assertEqual(self.entry.title, 'かわずたんだよ☆')
def test_author_can_update_via_update_view(self):
'''Tests author user can update entry via EntryUpdateView'''
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/blogs/author_kawaztan/1/update/', {
'pub_state' : 'public',
'title' : 'やっぱり書き換えます!',
'body' : 'うえーい',
})
tz = get_default_timezone()
published_at = self.entry.published_at.astimezone(tz)
self.assertRedirects(r, '/blogs/author_kawaztan/{0}/{1}/{2}/1/'.format(published_at.year, published_at.month, published_at.day))
self.assertEqual(Entry.objects.count(), 1)
e = Entry.objects.get(pk=1)
self.assertEqual(e.title, 'やっぱり書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_user_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In entry update form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.user, password='******'))
r = self.client.post('/blogs/author_kawaztan/1/update/', {
'pub_state' : 'public',
'title' : 'ID書き換えます!',
'body' : 'うえーい',
'author' : other.pk # crackers attempt to masquerade
})
tz = get_default_timezone()
published_at = self.entry.published_at.astimezone(tz)
self.assertRedirects(r, '/blogs/author_kawaztan/{0}/{1}/{2}/1/'.format(published_at.year, published_at.month, published_at.day))
self.assertEqual(Entry.objects.count(), 1)
e = Entry.objects.get(pk=1)
self.assertEqual(e.author, self.user)
self.assertNotEqual(e.author, other)
self.assertEqual(e.title, 'ID書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class EventCreateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_user_can_not_view_event_create_view(self):
'''Tests anonymous user can not view EventCreateView'''
r = self.client.get('/events/create/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/events/create/')
def test_authorized_user_can_view_event_create_view(self):
'''Tests authorized user can view EventCreateView'''
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.get('/events/create/')
self.assertTemplateUsed(r, 'events/event_form.html')
self.assertFalse('object' in r.context_data)
def test_anonymous_user_can_not_create_via_create_view(self):
'''Tests anonymous user can not create event via EventCreateView'''
r = self.client.post('/events/create/', {
'pub_state': 'public',
'title': 'テストイベント',
'body': 'うえーい',
'period_start': datetime.datetime.now()+datetime.timedelta(hours=1),
'period_end': datetime.datetime.now()+datetime.timedelta(hours=3),
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/events/create/')
def test_authorized_user_can_create_via_create_view(self):
'''Tests authorized user can create event via EventCreateView'''
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.post('/events/create/', {
'pub_state' : 'public',
'title' : 'テストイベント',
'body' : 'うえーい',
'period_start': datetime.datetime.now()+datetime.timedelta(hours=1),
'period_end': datetime.datetime.now()+datetime.timedelta(hours=3)
})
self.assertRedirects(r, '/events/1/')
self.assertEqual(Event.objects.count(), 1)
e = Event.objects.get(pk=1)
self.assertEqual(e.title, 'テストイベント')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_user_cannot_modify_organizer_id(self):
'''
Tests authorized user cannot modify organizer id.
In event creation form, `organizer` is exist as hidden field.
So user can modify `organizer` to invalid values.
This test checks that `organizer` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.post('/events/create/', {
'pub_state' : 'public',
'title' : 'テストイベント',
'body' : 'うえーい',
'period_start': datetime.datetime.now()+datetime.timedelta(hours=1),
'period_end': datetime.datetime.now()+datetime.timedelta(hours=3),
'organizer' : other.pk # crackers attempt to masquerade
})
self.assertRedirects(r, '/events/1/')
self.assertEqual(Event.objects.count(), 1)
e = Event.objects.get(pk=1)
self.assertEqual(e.organizer, self.user)
self.assertNotEqual(e.organizer, other)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class EventYearListViewTestCase(TestCase):
def setUp(self):
arguments_list = (
(-3, -2, {'pub_state':'public'}), # 2000/9/1 ~ 2000/9/2
(1, 2, {'pub_state':'public'}), # 2000/9/5 ~ 2000/9/6
(365, 366, {'pub_state':'public'}), # 2001/9/5 ~ 2001/9/6
(-2, -1, {'pub_state':'protected'}), # 2000/9/2 ~ 2000/9/3
(0, 3, {'pub_state':'protected'}), # 2000/9/4 ~ 2000/9/5
(367, 368, {'pub_state':'protected'}), # 2001/9/7 ~ 2001/9/8
(-3, -2, {'pub_state':'draft'}), # 2000/9/2 ~ 2000/9/3
(1, 2, {'pub_state':'draft'}), # 2000/9/5 ~ 2000/9/6
)
self.events = [event_factory_with_relative(*args)
for args in arguments_list]
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
def test_anonymous_can_view_only_public_events(self):
'''
Tests anonymous user can view public Events only via EventYearListView.
The protected events are not displayed.
The ended events are also displayed.
'''
r = self.client.get('/events/archive/2000/')
self.assertTemplateUsed('events/event_archive_year.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two events')
self.assertEqual(list[0], self.events[0], '2000/9/5 ~ 6 public')
self.assertEqual(list[1], self.events[1], '2000/9/1 ~ 2 public')
def test_anonymous_can_view_only_public_events_other_year(self):
'''
Tests anonymous user can view public Events only via EventYearListView.
The protected events are not displayed.
The ended events are also displayed.
'''
r = self.client.get('/events/archive/2001/')
self.assertTemplateUsed('events/event_archive_year.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 1, 'object_list has one event')
self.assertEqual(list[0], self.events[2], '2001/9/5 ~ 6 public')
def test_authenticated_can_view_all_publish_events(self):
'''
Tests authenticated user can view all published events via
EventYearListView.
'''
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.get('/events/archive/2000/')
self.assertTemplateUsed('events/event_archive_year.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 4, 'object_list has four events')
self.assertEqual(list[0], self.events[0], '2000/9/5 ~ 6 public')
self.assertEqual(list[1], self.events[3], '2000/9/5 ~ 6 protected')
self.assertEqual(list[2], self.events[4], '2000/9/2 ~ 3 public')
self.assertEqual(list[3], self.events[1], '2000/9/2 ~ 3 protected')
def test_authenticated_can_view_all_publish_events_other_year(self):
'''
Tests authenticated user can view all published events via
EventYearListView.
'''
self.assertTrue(self.client.login(username=self.user,
password='******'))
r = self.client.get('/events/archive/2001/')
self.assertTemplateUsed('events/event_archive_year.html')
self.assertTrue('object_list', r.context_data)
list = r.context_data['object_list']
self.assertEqual(list.count(), 2, 'object_list has two events')
self.assertEqual(list[0], self.events[2], '2001/9/6 ~ 7 protected')
self.assertEqual(list[1], self.events[5], '2001/9/4 ~ 5 public')
class AnnouncementCreateViewTestCase(ViewTestCaseBase):
template_path = 'announcements/announcement_form.html'
def setUp(self):
self.user = PersonaFactory()
self.user.set_password('password')
self.user.save()
self.nerv = PersonaFactory(role='nerv')
self.nerv.set_password('password')
self.nerv.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_reverse_url(self):
"""
AnnouncementCreateViewの逆引き
"""
self.assertEqual(
reverse('announcements_announcement_create'),
'/announcements/create/',
)
def test_anonymous_user_can_not_create_view(self):
'''Tests anonymous user can not view AnnouncementCreateView'''
r = self.client.get('/announcements/create/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_wille_user_can_not_view_announcement_create_view(self):
'''Tests wille user can not view AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/create/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_general_user_can_not_view_announcement_create_view(self):
'''Tests general user can not view AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.get('/announcements/create/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_staff_user_can_view_announcement_create_view(self):
'''Tests staff user can view AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.get('/announcements/create/')
self.assertTemplateUsed(r, 'announcements/announcement_form.html')
self.assertFalse('object' in r.context_data)
def test_anonymous_user_can_not_create_via_create_view(self):
'''Tests anonymous user can not create announcement via AnnouncementCreateView'''
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_wille_user_can_not_create_via_create_view(self):
'''Tests wille user can not create announcement via AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_staff_user_can_create_via_create_view(self):
'''Tests staff user can create announcement via AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.title, '【悲報】データ消えました')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_authorized_user_can_create_via_create_view(self):
'''Tests authorized user can create announcement via AnnouncementCreateView'''
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/create/')
def test_set_last_modifier_user(self):
"""
お知らせを作成したときにlast_modifierとauthorがセットされる
"""
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.nerv)
self.assertEqual(e.last_modifier, self.nerv)
def test_staffs_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In announcement creation form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/create/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
'author': other.pk
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.nerv)
self.assertNotEqual(e.author, other)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class AnnouncementUpdateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(username='******', role='nerv')
self.user.set_password('password')
self.other = PersonaFactory(username='******')
self.other.set_password('password')
self.user.save()
self.other.save()
self.nerv = PersonaFactory(role='nerv', username='******')
self.nerv.set_password('password')
self.nerv.save()
self.announcement = AnnouncementFactory(title='かわずたんのお知らせだよ☆',
author=self.user)
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_user_can_not_view_announcement_update_view(self):
'''Tests anonymous user can not view AnnouncementUpdateView'''
r = self.client.get('/announcements/1/update/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_wille_user_can_not_view_announcement_update_view(self):
'''Tests wille user can not view AnnouncementUpdateView'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_general_user_can_not_view_announcement_update_view(self):
'''
Tests general user can view AnnouncementUpdateView
'''
self.assertTrue(
self.client.login(username=self.other, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_staff_can_view_announcement_update_view(self):
'''
Tests staff members can view AnnouncementUpdateView
'''
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertTemplateUsed(r, 'announcements/announcement_form.html')
self.assertTrue('object' in r.context_data)
self.assertEqual(r.context_data['object'], self.announcement)
def test_anonymous_user_can_not_update_via_update_view(self):
'''
Tests anonymous user can not update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
r = self.client.post(
'/announcements/1/update/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_wille_user_can_not_update_via_update_view(self):
'''
Tests wille user can not update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.post(
'/announcements/1/update/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_other_user_cannot_update_via_update_view(self):
'''
Tests other user cannot update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(
self.client.login(username=self.other, password='******'))
r = self.client.post(
'/announcements/1/update/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
})
self.assertRedirects(
r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_staff_can_update_via_update_view(self):
'''Tests author user can update announcement via AnnouncementUpdateView'''
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/1/update/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.title, '【悲報】データ消えました')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_set_last_modifier_via_update_view(self):
"""
お知らせを更新したとき、last_modifierがセットされる
"""
previous_modifier = self.announcement.last_modifier
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/1/update/', {
'pub_state': 'public',
'title': '【悲報】データ消えました',
'body': 'サードインパクトだ!',
'silently': True,
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.last_modifier, self.nerv)
self.assertNotEqual(e.last_modifier, previous_modifier)
def test_user_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In announcement update form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post(
'/announcements/1/update/',
{
'pub_state': 'public',
'title': 'ID書き換えます!',
'body': 'サードインパクトだ!',
'silently': True,
'author': other.pk # crackers attempt to masquerade
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.user)
self.assertNotEqual(e.author, other)
self.assertEqual(e.title, 'ID書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class AnnouncementUpdateViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(username='******', role='nerv')
self.user.set_password('password')
self.other = PersonaFactory(username='******')
self.other.set_password('password')
self.user.save()
self.other.save()
self.nerv = PersonaFactory(role='nerv', username='******')
self.nerv.set_password('password')
self.nerv.save()
self.announcement = AnnouncementFactory(title='かわずたんのお知らせだよ☆', author=self.user)
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
def test_anonymous_user_can_not_view_announcement_update_view(self):
'''Tests anonymous user can not view AnnouncementUpdateView'''
r = self.client.get('/announcements/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_wille_user_can_not_view_announcement_update_view(self):
'''Tests wille user can not view AnnouncementUpdateView'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_general_user_can_not_view_announcement_update_view(self):
'''
Tests general user can view AnnouncementUpdateView
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
def test_staff_can_view_announcement_update_view(self):
'''
Tests staff members can view AnnouncementUpdateView
'''
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.get('/announcements/1/update/')
self.assertTemplateUsed(r, 'announcements/announcement_form.html')
self.assertTrue('object' in r.context_data)
self.assertEqual(r.context_data['object'], self.announcement)
def test_anonymous_user_can_not_update_via_update_view(self):
'''
Tests anonymous user can not update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_wille_user_can_not_update_via_update_view(self):
'''
Tests wille user can not update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(self.client.login(username=self.wille, password='******'))
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_other_user_cannot_update_via_update_view(self):
'''
Tests other user cannot update announcement via AnnouncementUpdateView
It will redirect to LOGIN_URL
'''
self.assertTrue(self.client.login(username=self.other, password='******'))
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
})
self.assertRedirects(r, settings.LOGIN_URL + '?next=/announcements/1/update/')
self.assertEqual(self.announcement.title, 'かわずたんのお知らせだよ☆')
def test_staff_can_update_via_update_view(self):
'''Tests author user can update announcement via AnnouncementUpdateView'''
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.title, '【悲報】データ消えました')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_set_last_modifier_via_update_view(self):
"""
お知らせを更新したとき、last_modifierがセットされる
"""
previous_modifier = self.announcement.last_modifier
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : '【悲報】データ消えました',
'body' : 'サードインパクトだ!',
'silently' : True,
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.last_modifier, self.nerv)
self.assertNotEqual(e.last_modifier, previous_modifier)
def test_user_cannot_modify_author_id(self):
'''
Tests authorized user cannot modify author id.
In announcement update form, `author` is exist as hidden field.
So user can modify `author` to invalid values.
This test checks that `author` will be set by `request.user`
'''
other = PersonaFactory()
self.assertTrue(self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/1/update/', {
'pub_state' : 'public',
'title' : 'ID書き換えます!',
'body' : 'サードインパクトだ!',
'silently' : True,
'author' : other.pk # crackers attempt to masquerade
})
self.assertRedirects(r, '/announcements/1/')
self.assertEqual(Announcement.objects.count(), 1)
e = Announcement.objects.get(pk=1)
self.assertEqual(e.author, self.user)
self.assertNotEqual(e.author, other)
self.assertEqual(e.title, 'ID書き換えます!')
self.assertTrue('messages' in r.cookies, "No messages are appeared")
class AnnouncementDeleteViewTestCase(TestCase):
def setUp(self):
self.user = PersonaFactory(role='nerv')
self.user.set_password('password')
self.user.save()
self.nerv = PersonaFactory(role='nerv')
self.nerv.set_password('password')
self.nerv.save()
self.wille = PersonaFactory(role='wille')
self.wille.set_password('password')
self.wille.save()
self.other = PersonaFactory()
self.other.set_password('password')
self.other.save()
self.announcement = AnnouncementFactory(author=self.user)
def test_author_can_delete_via_announcement_delete_view(self):
'''
Tests author can delete its own announcements via AnnouncementDeleteView
'''
self.assertTrue(
self.client.login(username=self.user, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertRedirects(r, '/announcements/')
self.assertEqual(Announcement.objects.count(), 0)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_staff_can_delete_via_announcement_delete_view(self):
'''
Tests members can delete its announcements via AnnouncementDeleteView
'''
self.assertTrue(
self.client.login(username=self.nerv, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertRedirects(r, '/announcements/')
self.assertEqual(Announcement.objects.count(), 0)
self.assertTrue('messages' in r.cookies, "No messages are appeared")
def test_other_cannot_delete_via_announcement_delete_view(self):
'''
Tests others cannot delete announcements via AnnouncementDeleteView
'''
self.assertTrue(
self.client.login(username=self.other, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(
r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
def test_wille_cannot_delete_via_announcement_delete_view(self):
'''
Tests wille cannot delete announcements via AnnouncementDeleteView
'''
self.assertTrue(
self.client.login(username=self.wille, password='******'))
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(
r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
def test_anonymous_cannot_delete_via_announcement_delete_view(self):
'''
Tests anonymous cannot delete announcements via AnnouncementDeleteView
'''
r = self.client.post('/announcements/1/delete/', {})
self.assertEqual(Announcement.objects.count(), 1)
self.assertRedirects(
r, '{0}?next=/announcements/1/delete/'.format(settings.LOGIN_URL))
