def test_with_can_rename_forum_permission(self): """ A user with the `can_rename_forum` permission should be able to rename it. """ user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory(name="Initial forum name") forum.lti_contexts.add(lti_context) assign_perm("can_rename_forum", user, forum, True) self.client.force_login(user, "ashley.auth.backend.LTIBackend") response = self.client.get(f"/forum/admin/rename/{forum.pk}/") self.assertEqual(200, response.status_code) self.assertContains(response, "Rename the forum") update_response = self.client.post( f"/forum/admin/rename/{forum.pk}/", data={"name": "Modified forum name"}) self.assertEqual(302, update_response.status_code) self.assertEqual("Modified forum name", Forum.objects.get(pk=forum.pk).name)
def test_browsing_with_can_manage_moderator_forum_permission(self): """ A user with the `can_manage_moderator_forum` permission and `SESSION_LTI_CONTEXT_ID` should be able to access it. """ user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) assign_perm("can_manage_moderator", user, forum, True) self.client.force_login(user, "ashley.auth.backend.LTIBackend") response = self.client.get("/moderators/") # Controls the page is forbidden as session is not set self.assertEqual(403, response.status_code) session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() self.assertEqual( self.client.session.get(SESSION_LTI_CONTEXT_ID), lti_context.id ) # Now session and permission are set, we should be able to access it response = self.client.get("/moderators/") self.assertEqual(200, response.status_code) self.assertContains(response, "Manage forum's moderators")
def test_access_topic_reply_form(self): """ The post form in a created topic is overridden from django_machina, we control it still loads as expected """ user = UserFactory(lti_consumer=self.lti_consumer) assign_perm("can_read_forum", user, self.forum) assign_perm("can_reply_to_topics", user, self.forum) # Set up topic and initial post topic = TopicFactory(forum=self.forum, poster=user) PostFactory(topic=topic) # authenticate the user related to consumer self.client.force_login(user) url_topic_reply = ( f"/forum/forum/{self.forum.slug}-{self.forum.pk}" f"/topic/{topic.slug}-{topic.pk}/post/create/" ) # Run response = self.client.get(url_topic_reply, follow=True) # Check assert response.status_code == 200
def test_access_api_can_manage_moderators_update_student_no_session(self): """Users with no session can't update user""" update_user = UserFactory() api_user = UserFactory(lti_consumer=update_user.lti_consumer) lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) # Assign student group to user lti_context.sync_user_groups(update_user, ["student"]) # Assign the permission assign_perm("can_manage_moderator", api_user, forum, True) # response = self.client.patch( f"/api/v1.0/users/{update_user.id}/add_group_moderator/", content_type="application/json", ) self.assertEqual(response.status_code, 403) content = json.loads(response.content) self.assertEqual( content, {"detail": "Authentication credentials were not provided."}) # Create the session and it should work self.client.force_login(api_user, "ashley.auth.backend.LTIBackend") session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() response = self.client.patch( f"/api/v1.0/users/{update_user.id}/add_group_moderator/", content_type="application/json", ) self.assertEqual(response.status_code, 200)
def test_access_can_manage_moderators_moderator_list_students(self): """Users that can manage moderators should be able to use the API to request list of students""" user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) self.client.force_login(user, "ashley.auth.backend.LTIBackend") response = self.client.get("/api/v1.0/users/?role=student") # First it's forbidden self.assertEqual(403, response.status_code) # Add session session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() self.assertEqual(self.client.session.get(SESSION_LTI_CONTEXT_ID), lti_context.id) response = self.client.get("/api/v1.0/users/?role=student") # Still forbidden session ok but missing permission self.assertEqual(response.status_code, 403) assign_perm("can_manage_moderator", user, forum, True) # Should now be authorized response = self.client.get("/api/v1.0/users/?role=student") self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_update_student_no_group_moderator( self): """If moderator group doesn't exist user can be updated and group created Case for forum created before this feature""" update_user = UserFactory() api_user = UserFactory(lti_consumer=update_user.lti_consumer) lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) # Add group student lti_context.sync_user_groups(update_user, ["student"]) # Assign the permission assign_perm("can_manage_moderator", api_user, forum, True) # Creates the session self.client.force_login(api_user, "ashley.auth.backend.LTIBackend") session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() # Data to promote user to moderator response = self.client.patch( f"/api/v1.0/users/{update_user.id}/add_group_moderator/", content_type="application/json", ) self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_instructor_other_forum(self): """ If a user can manage another forum, he can't update moderators from a forum where is doesn't have this permission. """ update_user = UserFactory() api_user = UserFactory(lti_consumer=update_user.lti_consumer) lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) update_user.refresh_from_db() # Assign the permission assign_perm("can_manage_moderator", api_user, ForumFactory(), True) # Creates the session self.client.force_login(api_user, "ashley.auth.backend.LTIBackend") session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() action = random.choice( ["add_group_moderator", "remove_group_moderator"]) # Revoke user to moderator response = self.client.patch( f"/api/v1.0/users/{update_user.id}/{action}/", content_type="application/json", ) self.assertEqual(response.status_code, 403) self.assertEqual( response.json(), {"detail": "You do not have permission to perform this action."}, )
def test_access_api_update_instructor_patch(self): """ Standard instructor call to patch user is allowed but doesn't change anything, as serializer's attributes are read-only. """ # Creates a forum user = UserFactory(id=1, public_username="******") lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) lti_context.sync_user_groups(user, ["instructor"]) assign_perm("can_manage_moderator", user, forum, True) # Creates the session self.client.force_login(user, "ashley.auth.backend.LTIBackend") session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() data = {"id": 10, "public_username": "******"} response = self.client.patch( f"/api/v1.0/users/{user.id}/", json.dumps(data), content_type="application/json", ) self.assertEqual(response.status_code, 200) self.assertEqual(response.json(), {"id": 1, "public_username": "******"})
def grant_permission(self, permission, group, forum): """Grant a permission to a group in the specified forum.""" if self.apply_updates: assign_perm(permission, group, forum, True) self.stdout.write( f"ADDED {permission} for group {group.name} in forum {forum.pk} ({forum.slug})" )
def test_forum_search_archived_forum(self): """Content of an archived forum should not be indexed""" post = PostFactory(text="yah7Eo0A") forum = post.topic.forum user = UserFactory() assign_perm("can_read_forum", user, forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) response = self.client.get("/forum/search/?q=yah7") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post, html=True) # Archive the forum forum.archived = True forum.save() # Re-build the index call_command("rebuild_index", interactive=False) # The same search should return nothing response = self.client.get("/forum/search/?q=yah7") self.assertContains(response, "Your search has returned <b>0</b> results", html=True)
def test_forum_display_button_manage_moderator(self): """ Connects a user with standard forum permission and controls that CTA to manage moderator is not present, then add the permission can_manage_moderator and control that we now see the CTA as expected """ user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory(name="Initial forum name") forum.lti_contexts.add(lti_context) assign_perm("can_read_forum", user, forum) # Connects user and go on the forum page self.client.force_login(user) response = self.client.get(f"/forum/forum/{forum.name}-{forum.id}/") # Check the CTA to manage moderators is not present self.assertNotContains( response, ('<a href="/moderators/" title="Manage moderators" class="dropdown-item">' "Manage moderators</a>"), html=True, ) # Assign permission can_manage_moderator assign_perm("can_manage_moderator", user, forum) response = self.client.get(f"/forum/forum/{forum.name}-{forum.id}/") # Check the CTA to manage moderators is now present self.assertContains( response, ('<a href="/moderators/" title="Manage moderators" class="dropdown-item">' "Manage moderators</a>"), html=True, )
def test_forum_search_only_topics(self): """ If the "search only topics" checkbox is ticked, matching content elsewhere should not return any result. """ post1 = PostFactory(subject="497jk1sav", text="497jk1sav") forum = post1.topic.forum post2 = PostFactory(topic__subject="497jk1sav", topic__forum=forum) user = UserFactory() assign_perm("can_read_forum", user, forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) # Searching without the "search_topics" flag returns post1 because it contains # the search string in its text body. response = self.client.get("/forum/search/?q=497jk") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post1.topic.slug) # Searching with the "search_topics" flag returns post2 because it contains # the search string in the related topic subject. response = self.client.get("/forum/search/?q=497jk&search_topics=on") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post2.topic.slug)
def test_testing_topic_announce(self): """Controls topics that are of type announcement don't have sorted options""" # Creates posts for announcement topics forum = ForumFactory() PostFactory(topic=TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE)) PostFactory(topic=TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE)) user = UserFactory() assign_perm("can_read_forum", user, forum) self.client.force_login(user) response = self.client.get(f"/forum/forum/{forum.slug}-{forum.pk}/") html = lxml.html.fromstring(response.content) # Select the header block of the announcement block, the first block announce_block = str( etree.tostring(html.cssselect(".topiclist .card-header")[0])) # Controls that announce_block is about announcements and not topics self.assertIn("Announcements", announce_block) self.assertNotIn("Topics", announce_block) self.assertIn("Replies", announce_block) self.assertIn("Views", announce_block) self.assertIn("Last post", announce_block) # There's no sortable informations self.assertNotIn("sortable sorted", announce_block) # There's no column that has a sorting link on self.assertNotIn("<a href=", announce_block) # There's no toggle sorting self.assertNotIn("Toggle sorting", announce_block)
def test_can_use_global_permissions(self): # Setup user = UserFactory.create() assign_perm('can_read_forum', user, None) # global permission checker = ForumPermissionChecker(user) # Run & check assert checker.has_perm('can_read_forum', self.forum)
def test_can_use_global_permissions(self): # Setup user = UserFactory.create() assign_perm('can_read_forum', user, None) # global permission checker = ForumPermissionChecker(user) # Run & check assert checker.has_perm('can_read_forum', self.forum)
def test_basic_user(self): """ A user without the `can_archive_forum` permission should not be able to archive it. """ user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) assign_perm("can_read_forum", user, forum) self.assertFalse(forum.archived) self.client.force_login(user, "ashley.auth.backend.LTIBackend") # The user can read the forum response = self.client.get(f"/forum/forum/{forum.slug}-{forum.pk}/") self.assertEqual(200, response.status_code) self.assertContains(response, forum.name) # but he's not allowed to archive it response = self.client.get(f"/forum/admin/archive/{forum.pk}/") self.assertEqual(403, response.status_code) update_response = self.client.post(f"/forum/admin/archive/{forum.pk}/") self.assertEqual(403, update_response.status_code) self.assertFalse(Forum.objects.get(pk=forum.pk).archived)
def test_forum_search_with_unautorized_forum_from_other_lti_context(self): """ Try to search in a forum that is not part of our LTIContext by submitting in the search form a forum from another LTIContext. """ user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) lti_context2 = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum2 = ForumFactory() forum.lti_contexts.add(lti_context) forum2.lti_contexts.add(lti_context2) PostFactory( topic=TopicFactory(forum=forum), text="Good morning world", ) PostFactory( topic=TopicFactory(forum=forum2), text="Hello world", ) # Index posts in Elasticsearch call_command("rebuild_index", interactive=False) # Connects and gets acces to the forum self.client.force_login(user, "ashley.auth.backend.LTIBackend") assign_perm("can_read_forum", user, forum) assign_perm("can_read_forum", user, forum2) session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() form = SearchForm(user=user, lti_context=lti_context) # Checks that only the forum that is allowed is proposed as choice self.assertEqual( form.fields["search_forums"].choices, [(forum.id, "{} {}".format("-" * forum.margin_level, forum.name))], ) # Despite that, we force the request on the forum that is not allowed response = self.client.get( f"/forum/search/?q=world&search_forums={forum2.id}") self.assertEqual(response.status_code, 200) # Controls that we get an error and the search is not executed self.assertContains( response, f"Select a valid choice. {forum2.id} is not one of the available choices.", html=True, ) # Valid request, we search on the forum that is allowed, we get only one result # as forum2 is ignored response = self.client.get( f"/forum/search/?q=world&search_forums={forum.id}") self.assertEqual(response.status_code, 200) self.assertContains(response, "Your search has returned <b>1</b> result", html=True)
def test_access_api_update_student_patch(self): """Standard call should not be allowed to update a student.""" # Creates a forum user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) assign_perm("can_read_forum", user, forum, True) # Creates the session self.client.force_login(user, "ashley.auth.backend.LTIBackend") session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() data = { "public_username": "******", } response = self.client.patch( f"/api/v1.0/users/{user.id}/", json.dumps(data), content_type="application/json", ) self.assertEqual(response.status_code, 403) self.assertEqual( response.json(), {"detail": "You do not have permission to perform this action."}, )
def test_forum_search_authorized(self): """A user with the rights to read a forum should be able to search.""" created_on = datetime(2020, 10, 5, 8, 13, tzinfo=timezone.utc) with mock.patch.object(timezone, "now", return_value=created_on): post = PostFactory() poster = post.poster user = UserFactory() assign_perm("can_read_forum", user, post.topic.forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) response = self.client.get("/forum/search/?q=*") # Check the format of the results self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post.subject) self.assertContains(response, post.topic.subject) self.assertContains( response, f'By: <a href="/forum/member/profile/{poster.id:d}/">{poster.public_username:s}</a>', ) self.assertContains( response, "on Oct. 5, 2020, 8:13 a.m.", )
def test_forum_search_post_poster_restrict_forums(self): """ Forum searches can be restricted to only one forum when searching for a specific poster. """ post1 = PostFactory() post2 = PostFactory(poster=post1.poster, topic__forum=post1.topic.forum) post3 = PostFactory(poster=post1.poster) user = UserFactory() assign_perm("can_read_forum", user, post1.topic.forum) assign_perm("can_read_forum", user, post3.topic.forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) response = self.client.get( f"/forum/search/?q=&search_poster_name={post1.poster.public_username}\ &search_forums={post1.topic.forum.pk}") self.assertContains(response, "Your search has returned <b>2</b> results", html=True) self.assertContains(response, post1.subject) self.assertContains(response, post2.subject) response = self.client.get( f"/forum/search/?q=&search_poster_name={post1.poster.public_username}\ &search_forums={post3.topic.forum.pk}") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post3.subject)
def test_forum_search_several_forums_restrict_to_one(self): """Forum searches can be restricted to only one forum.""" post1 = PostFactory(text="Hello world", subject="a5g3g6k75") post2 = PostFactory(text="Good morning world", subject="497jk1sav") user = UserFactory() assign_perm("can_read_forum", user, post1.topic.forum) assign_perm("can_read_forum", user, post2.topic.forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) response = self.client.get( f"/forum/search/?q=world&search_forums={post1.topic.forum.pk}") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post1.subject) response = self.client.get( f"/forum/search/?q=world&search_forums={post2.topic.forum.pk}") self.assertContains(response, "Your search has returned <b>1</b> result", html=True) self.assertContains(response, post2.subject)
def _get_url_list_topic_with_three_topics(self): """Creates a forum with three topics and a user to access the forum that has the permission to access it. It's a shortcut used in all the tests below.""" forum = ForumFactory() # create 3 topics with distinct subject, views_count and date PostFactory( topic=TopicFactory(forum=forum, views_count=9), subject="TOPIC B the eldest with 9 views_count", ) PostFactory( topic=TopicFactory(forum=forum, views_count=6), subject="TOPIC A created second with 6 views_count", ) PostFactory( topic=TopicFactory(forum=forum, views_count=12), subject="TOPIC C the newest one with 12 views_count", ) user = UserFactory() assign_perm("can_read_forum", user, forum) self.client.force_login(user) # Setup url_list_topic = f"/forum/forum/{forum.slug}-{forum.pk}/" return forum, url_list_topic
def test_access_can_manage_moderators_list_non_moderators(self): """Users that can manage moderators should be able to use the API to request list of users that are not moderators""" user = UserFactory() lti_context = LTIContextFactory(lti_consumer=user.lti_consumer) forum = ForumFactory() forum.lti_contexts.add(lti_context) self.client.force_login(user, "ashley.auth.backend.LTIBackend") response = self.client.get("/api/v1.0/users/?role=!moderator") # First it's forbidden self.assertEqual(403, response.status_code) # Add permission assign_perm("can_manage_moderator", user, forum, True) # Still forbidden, missing the session response = self.client.get("/api/v1.0/users/?!role=moderator") self.assertEqual(403, response.status_code) # Add session session = self.client.session session[SESSION_LTI_CONTEXT_ID] = lti_context.id session.save() self.assertEqual(self.client.session.get(SESSION_LTI_CONTEXT_ID), lti_context.id) response = self.client.get("/api/v1.0/users/?role=!moderator") # Permission + session added, it should be allowed self.assertEqual(response.status_code, 200)
def test_knows_that_user_permissions_take_precedence_over_user_global_permissions(self): # Setup user = UserFactory.create() assign_perm('can_read_forum', user, None) # global permission assign_perm('can_read_forum', user, self.forum, has_perm=False) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_read_forum', self.forum)
def test_knows_that_user_permissions_take_precedence_over_user_global_permissions(self): # Setup user = UserFactory.create() assign_perm('can_read_forum', user, None) # global permission assign_perm('can_read_forum', user, self.forum, has_perm=False) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_read_forum', self.forum)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self): # Setup user = UserFactory.create() group = GroupFactory.create() user.groups.add(group) assign_perm('can_read_forum', user, self.forum, has_perm=False) assign_perm('can_read_forum', group, self.forum, has_perm=True) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_read_forum', self.forum)
def _assign_permissions(forum, group, permissions: List[str]): """Grant a list of permissions for a group on a specific forum.""" for perm in permissions: logger.debug( "Grant permission %s to group %s on forum %s", perm, group.name, forum.lti_id, ) assign_perm(perm, group, forum, True)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self): # Setup user = UserFactory.create() group = GroupFactory.create() user.groups.add(group) assign_perm('can_read_forum', user, self.forum, has_perm=False) assign_perm('can_read_forum', group, self.forum, has_perm=True) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_read_forum', self.forum)
def test_testing_topic_announce_dont_get_ordered(self): """ Controls topics that are of type announcement don't get ordered if sorting is submitted in url. Orders are only applied to Topic posts. """ forum = ForumFactory() user = UserFactory() assign_perm("can_read_forum", user, forum) self.client.force_login(user) # Creates posts for announcement topics topicAnnounce1 = TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE, views_count=100) topicAnnounce2 = TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE, views_count=200) PostFactory( topic=topicAnnounce1, subject="TOPIC A TYPE ANNOUNCED", ) PostFactory( topic=topicAnnounce2, subject="TOPIC B TYPE ANNOUNCED", ) # Post of topicAnnounce2 has been created last, it should be the first one on the list self.assertLess(topicAnnounce1.last_post_on, topicAnnounce2.last_post_on) # Orders on column view_post response = self.client.get( f"/forum/forum/{forum.slug}-{forum.pk}/?o=2") # Orders is respected on default creation order self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED", "TOPIC A TYPE ANNOUNCED") # Reverses order response = self.client.get( f"/forum/forum/{forum.slug}-{forum.pk}/?o=-2") # Orders of announcement topics stays the same self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED", "TOPIC A TYPE ANNOUNCED") # Orders on replies column response = self.client.get( f"/forum/forum/{forum.slug}-{forum.pk}/?o=-1") # Shows order is respected on default creation order self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED", "TOPIC A TYPE ANNOUNCED") # Reverses order response = self.client.get( f"/forum/forum/{forum.slug}-{forum.pk}/?o=1") # Orders of announcement topics stays the same self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED", "TOPIC A TYPE ANNOUNCED")
def test_knows_that_alluser_permissions_take_precedence_over_default_authenticated_permissions( self): # noqa: E501 user = UserFactory.create() # Negate DEFAULT_AUTHENTICATED_USER_FORUM_PERMISSIONS assign_perm('can_see_forum', ALL_AUTHENTICATED_USERS, self.forum, has_perm=False) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_see_forum', self.forum)
def test_knows_that_alluser_permissions_take_precedence_over_alluser_global_permissions( self): # Setup user = UserFactory.create() # Test globally True but forum level False assign_perm('can_read_forum', ALL_AUTHENTICATED_USERS, None, has_perm=True) assign_perm('can_read_forum', ALL_AUTHENTICATED_USERS, self.forum, has_perm=False) # Test globally False but forum level True assign_perm('can_edit_own_posts', ALL_AUTHENTICATED_USERS, None, has_perm=False) assign_perm('can_edit_own_posts', ALL_AUTHENTICATED_USERS, self.forum, has_perm=True) checker = ForumPermissionChecker(user) # Run & check assert not checker.has_perm('can_read_forum', self.forum) assert checker.has_perm('can_edit_own_posts', self.forum)
def test_forum_search_post_failure(self): """Searching for a word not present in post, topic or username should return no result.""" post = PostFactory(text="a5g3g6k75", subject="497jk1sav") user = UserFactory() assign_perm("can_read_forum", user, post.topic.forum) # Index the post in Elasticsearch call_command("rebuild_index", interactive=False) self.client.force_login(user) response = self.client.get("/forum/search/?q=blabla") self.assertContains(response, "Your search has returned <b>0</b> results", html=True)
def test_permissions_returned_for_alluser_when_not_in_group_for_given_forum( self): """ When all_users permission is set, a user that has no own permissions and is not in a group that has permissions on the given forum, still has a permission (via all_users) on the given forum """ user = UserFactory.create() assign_perm('can_read_forum', ALL_AUTHENTICATED_USERS, self.forum, has_perm=True) checker = ForumPermissionChecker(user) # Run & check assert checker.has_perm('can_read_forum', self.forum)
def test_knows_that_granted_permissions_should_take_precedence_over_the_same_non_granted_permissions(self): # noqa: E501 # Setup user = UserFactory.create() group_all_users = GroupFactory.create() group_specific_access = GroupFactory.create() user.groups.add(group_all_users) user.groups.add(group_specific_access) assign_perm('can_read_forum', group_all_users, None) # global permission assign_perm('can_read_forum', group_all_users, self.forum, has_perm=False) assign_perm('can_read_forum', group_specific_access, self.forum, has_perm=True) checker = ForumPermissionChecker(user) # Run & check assert checker.has_perm('can_read_forum', self.forum)