def test_delete_someones_reply_not_owner(self):
"""Delete someone else's comment as NOT the owner of the entry."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.u
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.u).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.u)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.c
fn = lambda: views.delete_comment(request, comment_id=comm.id)
self.assertRaises(PermissionDenied, fn)
def test_delete_own_reply_diff_diary(self):
"""Delete own comment as NOT the owner of the entry."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.c
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.c).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.c)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.c
response = views.delete_comment(request, comment_id=comm.id)
assert not (Comment.objects.filter(diary=self.e.id, creator=self.c).
exists())
