Esempio n. 1
 def test_review_on_item_bad(self):
     """Submit a review with no purchase recorded and expect none to be stored.

     The writer is registered and the item exists, but this test never
     records a purchase before the review is submitted.
     """
     reviewer = RegisteredUser('TomerTomer', '1234567878')
     register(reviewer)

     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, 'YoniYoni')

     # No purchase is added for 'TomerTomer' before this call.
     rejected_review = ItemReview('TomerTomer', 1, 'Good', 10)
     ItemsLogic.add_review_on_item(rejected_review)

     stored = get_all_reviews_on_item(1)
     self.assertEqual(stored, [])
Esempio n. 2
 def test_review_on_item_bad_writer(self):
     """Submit a review under a different name than the recorded purchaser.

     The purchase is recorded for 'TomerTomer', while the review names
     'YoniYoni' as its writer; the test expects no review to be stored.
     """
     buyer = RegisteredUser('TomerTomer', '1234567878')
     register(buyer)

     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, 'YoniYoni')

     # Purchase of item 1 is attributed to 'TomerTomer' only.
     purchase_id = add_purchase_and_return_id(datetime.now(), 'TomerTomer',
                                              0)
     PurchasedItems.add_purchased_item(purchase_id, 1, 5, 10)

     # The review is written as 'YoniYoni', not as the purchaser.
     mismatched_review = ItemReview('YoniYoni', 1, 'Good', 10)
     ItemsLogic.add_review_on_item(mismatched_review)

     stored = get_all_reviews_on_item(1)
     self.assertFalse(stored)
Esempio n. 3
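def add_review_on_item(request):
    """Handle a POST that submits an item review for the logged-in user.

    Reads ``item_id``, ``description`` and ``rank`` from the POST body and
    the session identifier from the ``login_hash`` cookie.

    Returns an ``HttpResponse`` whose body is one of:
      * ``MESSAGE_SQL_INJECTION`` - a field was flagged by the screening,
      * ``'has reviews'`` - this writer already has a review on the item,
      * ``'success'`` - the review was accepted,
      * ``'fail'`` - no valid login, or the review was not accepted.

    Non-POST requests fall through and return ``None``, as before.
    """
    if request.method == 'POST':
        # POST values arrive as strings (or None when the field is absent)
        # and are passed on unconverted.
        item_id = request.POST.get('item_id')
        description = request.POST.get('description')
        rank = request.POST.get('rank')

        event = "ADD REVIEW"
        # Build a list rather than a generator so every field is screened
        # (and the call made for each one) even after an earlier hit.
        # NOTE(review): pattern screening can miss inputs and reject
        # legitimate text; it does not replace parameterized queries in the
        # data layer, which is not visible here - confirm.
        flagged = [
            LoggerLogic.identify_sql_injection(value, event)
            for value in (item_id, description, rank)
        ]
        if any(flagged):
            return HttpResponse(MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            writer_name = Consumer.loggedInUsers.get(login)
            # The cookie is client-controlled: a stale or made-up hash has
            # no session entry, so stop here instead of looking up and
            # building a review with no writer.
            if writer_name is None:
                return HttpResponse('fail')
            old_review = ItemsLogic.get_item_review_with_writer(
                item_id, writer_name)
            # The lookup signals "no existing review" with False.
            if old_review is not False:
                return HttpResponse('has reviews')
            review = ItemReview(writer_name, item_id, description, rank)
            if ItemsLogic.add_review_on_item(review):
                return HttpResponse('success')
        return HttpResponse('fail')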