def test_delete_post_belongs_to_thread_and_forum(self):
# Delete post action - post belongs to thread and thread
# belongs to forum.
f = ForumFactory()
t = ThreadFactory(forum=f)
# Post belongs to a different forum and thread.
p = PostFactory()
u = p.author
# Give the user the permission to delete posts.
g = GroupFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename='forums_forum.post_delete_forum',
content_type=ct, object_id=p.thread.forum_id, group=g)
PermissionFactory(codename='forums_forum.post_delete_forum',
content_type=ct, object_id=f.id, group=g)
g.user_set.add(u)
self.client.login(username=u.username, password='******')
# Post isn't in the passed forum:
r = get(self.client, 'forums.delete_post',
args=[f.slug, p.thread.id, p.id])
eq_(404, r.status_code)
# Post isn't in the passed thread:
r = get(self.client, 'forums.delete_post',
args=[p.thread.forum.slug, t.id, p.id])
eq_(404, r.status_code)
def setUp(self):
url = reverse('forums.threads', args=[u'test-forum'])
self.context = {'request': RequestFactory().get(url)}
self.group = GroupFactory()
# Set up forum_1
f = self.forum_1 = ForumFactory()
ct = ContentType.objects.get_for_model(self.forum_1)
permission_names = [
'forums_forum.thread_edit_forum',
'forums_forum.post_edit_forum',
'forums_forum.post_delete_forum',
'forums_forum.thread_delete_forum',
'forums_forum.thread_sticky_forum',
'forums_forum.thread_move_forum',
]
for name in permission_names:
PermissionFactory(codename=name,
content_type=ct,
object_id=f.id,
group=self.group)
# Set up forum_2
f = self.forum_2 = ForumFactory()
PermissionFactory(codename='forums_forum.thread_move_forum',
content_type=ct,
object_id=f.id,
group=self.group)
def test_move_thread(self):
"""Move a thread."""
t = ThreadFactory()
f = ForumFactory()
u = UserFactory()
g = GroupFactory()
# Give the user permission to move threads between the two forums.
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename="forums_forum.thread_move_forum",
content_type=ct,
object_id=f.id,
group=g)
PermissionFactory(
codename="forums_forum.thread_move_forum",
content_type=ct,
object_id=t.forum.id,
group=g,
)
g.user_set.add(u)
self.client.login(username=u.username, password="******")
response = post(self.client,
"forums.move_thread", {"forum": f.id},
args=[t.forum.slug, t.id])
eq_(200, response.status_code)
t = Thread.objects.get(pk=t.pk)
eq_(f.id, t.forum.id)
def test_access_restriction(self):
"""Assert Forums are inaccessible to the public when restricted."""
# If the a forum has 'forums_forum.view_in_forum' permission defined,
# then it isn't public by default. If it has
# 'forums_forum.post_in_forum', then it isn't postable to by default.
f = ForumFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename='forums_forum.view_in_forum', content_type=ct, object_id=f.id)
PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id)
unprivileged_user = UserFactory()
assert not f.allows_viewing_by(unprivileged_user)
assert not f.allows_posting_by(unprivileged_user)
def test_edit_post_moderator(self):
"""Editing post as a moderator works."""
p = PostFactory()
t = p.thread
f = t.forum
# Create the moderator group, give it the edit permission
# and add a moderator.
moderator_group = GroupFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(
codename="forums_forum.post_edit_forum",
content_type=ct,
object_id=f.id,
group=moderator_group,
)
moderator = UserFactory()
moderator_group.user_set.add(moderator)
self.client.login(username=moderator.username, password="******")
r = post(
self.client,
"forums.edit_post",
{"content": "More new content"},
args=[f.slug, t.id, p.id],
)
eq_(200, r.status_code)
edited_p = Post.objects.get(pk=p.pk)
eq_("More new content", edited_p.content)
def permission_code(forum, created, extracted, **kwargs):
assert created
permission = extracted or "forums_forum.view_in_forum"
ct = ContentType.objects.get_for_model(forum)
PermissionFactory(codename=permission,
content_type=ct,
object_id=forum.id)
def test_delete_thread_belongs_to_forum(self):
"""Delete thread action - thread belongs to forum."""
f = ForumFactory()
t = ThreadFactory() # Thread belongs to a different forum
u = UserFactory()
# Give the user the permission to delete threads.
g = GroupFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename='forums_forum.thread_delete_forum',
content_type=ct, object_id=f.id, group=g)
PermissionFactory(codename='forums_forum.thread_delete_forum',
content_type=ct, object_id=t.forum.id, group=g)
g.user_set.add(u)
self.client.login(username=u.username, password='******')
r = get(self.client, 'forums.delete_thread', args=[f.slug, t.id])
eq_(404, r.status_code)
def test_restricted_is_invisible(self):
"""Forums with restricted view_in permission shouldn't show up."""
restricted_forum = ForumFactory()
# Make it restricted.
ct = ContentType.objects.get_for_model(restricted_forum)
PermissionFactory(codename='forums_forum.view_in_forum', content_type=ct,
object_id=restricted_forum.id)
response = get(self.client, 'forums.forums')
self.assertNotContains(response, restricted_forum.slug)
def test_restricted_hide_new_thread(self):
"""'Post new thread' doesn't show if user has no permission to post.
"""
f = ForumFactory()
ct = ContentType.objects.get_for_model(f)
# If the forum has the permission and the user isn't assigned said
# permission, then they can't post.
PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id)
u = UserFactory()
self.client.login(username=u.username, password='******')
response = get(self.client, 'forums.threads', args=[f.slug])
self.assertNotContains(response, 'Post a new thread')
def test_restricted_hide_reply(self):
"""Reply fields don't show if user has no permission to post."""
t = ThreadFactory()
f = t.forum
ct = ContentType.objects.get_for_model(f)
# If the forum has the permission and the user isn't assigned said
# permission, then they can't post.
PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id)
u = UserFactory()
self.client.login(username=u.username, password='******')
response = get(self.client, 'forums.posts', args=[f.slug, t.pk])
self.assertNotContains(response, 'thread-reply')
def test_sticky_thread_belongs_to_forum(self):
"""Sticky action - thread belongs to forum."""
f = ForumFactory()
t = ThreadFactory() # Thread belongs to a different forum
u = UserFactory()
# Give the user the permission to sticky threads.
g = GroupFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename="forums_forum.thread_sticky_forum",
content_type=ct,
object_id=f.id,
group=g)
PermissionFactory(
codename="forums_forum.thread_sticky_forum",
content_type=ct,
object_id=t.forum.id,
group=g,
)
g.user_set.add(u)
self.client.login(username=u.username, password="******")
r = post(self.client, "forums.sticky_thread", {}, args=[f.slug, t.id])
eq_(404, r.status_code)
def test_edit_thread_moderator(self):
"""Editing post as a moderator works."""
t = ThreadFactory()
f = t.forum
u = UserFactory()
g = GroupFactory()
ct = ContentType.objects.get_for_model(f)
PermissionFactory(codename='forums_forum.thread_edit_forum', content_type=ct,
object_id=f.id, group=g)
g.user_set.add(u)
self.client.login(username=u.username, password='******')
r = post(self.client, 'forums.edit_thread',
{'title': 'new title'}, args=[f.slug, t.id])
eq_(200, r.status_code)
edited_t = Thread.objects.get(id=t.id)
eq_('new title', edited_t.title)
def test_discussion_forum_with_restricted_forums(self):
"""Tests who can see restricted forums in search form."""
# This is a long test, but it saves us from doing the setup
# twice.
forum1 = ForumFactory(name=u'ou812forum')
thread1 = ThreadFactory(forum=forum1, title=u'audio 2')
PostFactory(thread=thread1)
forum2 = RestrictedForumFactory(name=u'restrictedkeepout')
thread2 = ThreadFactory(forum=forum2, title=u'audio 2')
PostFactory(thread=thread2)
self.refresh()
# Get the Advanced Search Form as an anonymous user
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Regular forum should show up
assert 'ou812forum' in response.content
# Restricted forum should not show up
assert 'restrictedkeepout' not in response.content
u = UserFactory()
g = GroupFactory()
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
PermissionFactory(
codename='forums_forum.view_in_forum',
content_type=ct,
object_id=forum2.id,
group=g)
# Get the Advanced Search Form as a logged in user
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search.advanced'), {'a': '2'})
eq_(200, response.status_code)
# Both forums should show up for authorized user
assert 'ou812forum' in response.content
assert 'restrictedkeepout' in response.content
def test_forums_search_authorized_forums_specifying_forums(self):
"""Only authorized people can search certain forums they specified"""
# Create two threads: one in a restricted forum and one not.
forum1 = ForumFactory(name="ou812forum")
thread1 = ThreadFactory(forum=forum1)
PostFactory(thread=thread1, content="audio")
forum2 = RestrictedForumFactory(name="restrictedkeepout")
thread2 = ThreadFactory(forum=forum2)
PostFactory(thread=thread2, content="audio restricted")
self.refresh()
# Do a search as an anonymous user and specify both
# forums. Should only see the post from the unrestricted
# forum.
response = self.client.get(
reverse("search.advanced"),
{
"author": "",
"created": "0",
"created_date": "",
"updated": "0",
"updated_date": "",
"sortby": "0",
"forum": [forum1.id, forum2.id],
"a": "1",
"w": "4",
"q": "audio",
"format": "json",
},
)
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content["total"], 1)
# Do a search as an authorized user and specify both
# forums. Should see both posts.
u = UserFactory()
g = GroupFactory()
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
PermissionFactory(codename="forums_forum.view_in_forum",
content_type=ct,
object_id=forum2.id,
group=g)
self.client.login(username=u.username, password="******")
response = self.client.get(
reverse("search.advanced"),
{
"author": "",
"created": "0",
"created_date": "",
"updated": "0",
"updated_date": "",
"sortby": "0",
"forum": [forum1.id, forum2.id],
"a": "1",
"w": "4",
"q": "audio",
"format": "json",
},
)
# Sees both results
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content["total"], 2)
def test_forums_search_authorized_forums_specifying_forums(self):
"""Only authorized people can search certain forums they specified"""
# Create two threads: one in a restricted forum and one not.
forum1 = ForumFactory(name=u'ou812forum')
thread1 = ThreadFactory(forum=forum1)
PostFactory(thread=thread1, content=u'audio')
forum2 = RestrictedForumFactory(name=u'restrictedkeepout')
thread2 = ThreadFactory(forum=forum2)
PostFactory(thread=thread2, content=u'audio restricted')
self.refresh()
# Do a search as an anonymous user and specify both
# forums. Should only see the post from the unrestricted
# forum.
response = self.client.get(reverse('search.advanced'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'forum': [forum1.id, forum2.id],
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 1)
# Do a search as an authorized user and specify both
# forums. Should see both posts.
u = UserFactory()
g = GroupFactory()
g.user_set.add(u)
ct = ContentType.objects.get_for_model(forum2)
PermissionFactory(
codename='forums_forum.view_in_forum',
content_type=ct,
object_id=forum2.id,
group=g)
self.client.login(username=u.username, password='******')
response = self.client.get(reverse('search.advanced'), {
'author': '',
'created': '0',
'created_date': '',
'updated': '0',
'updated_date': '',
'sortby': '0',
'forum': [forum1.id, forum2.id],
'a': '1',
'w': '4',
'q': 'audio',
'format': 'json'
})
# Sees both results
eq_(200, response.status_code)
content = json.loads(response.content)
eq_(content['total'], 2)