def test_nonowner_nopass_snippet(self):
self.client.login(username='******',password='******')
# Test that without password we can't do anything
request = self.factory.get('/'+str(self.sam_snippet.id)+'/')
request.session = self.client.session
self.assertFalse( auth.allow( request, self.sam_snippet, "view_access_token" ) )
self.assertFalse( auth.allow( request, self.sam_snippet, "view" ) )
self.assertFalse( auth.allow( request, self.sam_snippet, "add_comment" ) )
self.assertFalse( auth.allow( request, self.sam_snippet, "delete" ) )
def test_nonowner_withpass_snippet(self):
self.client.login(username='******',password='******')
# Test that non-owner can only view with password
request = self.factory.get('/'+str(self.sam_snippet.id)+'/?access_token=asda')
request.session = self.client.session
self.assertTrue( auth.allow( request, self.sam_snippet, "view_access_token" ) )
self.assertTrue( auth.allow( request, self.sam_snippet, "view" ) )
self.assertFalse( auth.allow( request, self.sam_snippet, "add_comment" ) )
self.assertFalse( auth.allow( request, self.sam_snippet, "delete" ) )
def test_auth_public(self):
request = self.factory.get('/'+str(self.public_snippet.id))
request.session = self.client.session
self.assertTrue( auth.allow( request, self.public_snippet, "view" ) )
self.assertTrue( auth.allow( request, self.public_snippet, "add_comment" ) )
self.assertFalse( auth.allow( request, self.public_snippet, "view_access_token" ) )
self.assertFalse( auth.allow( request, self.public_snippet, "delete" ) )
request = self.factory.get('/'+str(self.public_snippet.id)+'/?access_token=asda')
request.session = self.client.session
self.assertTrue( auth.allow( request, self.public_snippet, "view_access_token" ) )
self.assertTrue( auth.allow( request, self.public_snippet, "delete" ) )
request = self.factory.get('/'+str(self.public_snippet.id)+'/?snippet_access_token=asda')
request.session = self.client.session
self.assertTrue( auth.allow( request, self.public_snippet, "view_access_token" ) )
self.assertTrue( auth.allow( request, self.public_snippet, "delete" ) )
def test_owner_anything(self):
self.client.login(username='******',password='******')
request = self.factory.get('/'+str(self.john_snippet.id))
request.session = self.client.session
self.assertTrue( auth.allow( request, self.john_snippet, "view" ) )
self.assertTrue( auth.allow( request, self.john_snippet, "add_comment" ) )
self.assertTrue( auth.allow( request, self.john_snippet, "view_access_token" ) )
self.assertTrue( auth.allow( request, self.john_snippet, "delete" ) )
self.client.login(username='******',password='******')
request = self.factory.get('/'+str(self.sam_snippet.id))
request.session = self.client.session
self.assertTrue( auth.allow( request, self.sam_snippet, "view" ) )
self.assertTrue( auth.allow( request, self.sam_snippet, "add_comment" ) )
self.assertTrue( auth.allow( request, self.sam_snippet, "view_access_token" ) )
self.assertTrue( auth.allow( request, self.sam_snippet, "delete" ) )
