Esempio n. 1
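def move_thread(request, forum_slug, thread_id):
    """Move a thread from its current forum to the one named in the POST data.

    The destination forum id is read from the ``forum`` POST field. The move
    goes ahead only when the requesting user can view both forums, can post
    in the destination, and holds ``forums_forum.thread_move_forum`` on both
    the source and the destination.

    Raises ``Http404`` when either forum or the thread cannot be found, when
    the destination id is not usable as a key, or when the user may not view
    one of the forums. Raises ``PermissionDenied`` for the posting and move
    permission failures. Returns a redirect to the thread's URL on success.
    """
    # NOTE(review): no login / POST-only decorator is visible in this
    # excerpt -- confirm the view is wrapped accordingly where it is defined.
    forum = get_object_or_404(Forum, slug=forum_slug)
    thread = get_object_or_404(Thread, pk=thread_id, forum=forum)
    user = request.user

    # The destination id is request-controlled. A value the key field cannot
    # convert can raise from the ORM lookup rather than producing a 404, so
    # map that case onto the same response a nonexistent forum gets.
    try:
        new_forum = get_object_or_404(Forum, id=request.POST.get('forum'))
    except (TypeError, ValueError):
        raise Http404

    # Don't admit that unviewable forums exist or allow escalation of privs by
    # moving things to a looser forum. This runs before the PermissionDenied
    # checks so a hidden forum is indistinguishable from a missing one.
    if not (forum.allows_viewing_by(user) and
            new_forum.allows_viewing_by(user)):
        raise Http404

    # Don't allow the equivalent of posting here by posting elsewhere then
    # moving:
    if not new_forum.allows_posting_by(user):
        raise PermissionDenied

    # The move permission is per-object and must hold on both ends.
    if not (has_perm(user, 'forums_forum.thread_move_forum', new_forum) and
            has_perm(user, 'forums_forum.thread_move_forum', forum)):
        raise PermissionDenied

    # Audit trail: log the id of the forum that was actually resolved, not the
    # raw request string, and let the logging framework do the formatting.
    log.warning('User %s is moving thread with id=%s to forum with id=%s',
                user, thread.id, new_forum.id)
    thread.forum = new_forum
    thread.save()

    return HttpResponseRedirect(thread.get_absolute_url())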
Esempio n. 2
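def move_thread(request, forum_slug, thread_id):
    """Move a thread to another forum after checking access on both forums.

    ``forum_slug`` and ``thread_id`` identify the thread; the target forum id
    comes from the ``forum`` field of the POST data. The user must be able to
    view the source and target forums, post in the target, and hold the
    ``forums_forum.thread_move_forum`` permission on each of them.

    Raises ``Http404`` for missing objects, an unusable target id, or forums
    the user may not view; raises ``PermissionDenied`` when the posting or
    move permission is missing. Returns a redirect to the moved thread.
    """
    # NOTE(review): whether this view is restricted to authenticated POST
    # requests cannot be seen from this excerpt -- confirm at the definition.
    forum = get_object_or_404(Forum, slug=forum_slug)
    thread = get_object_or_404(Thread, pk=thread_id, forum=forum)
    user = request.user

    new_forum_id = request.POST.get('forum')
    try:
        new_forum = get_object_or_404(Forum, id=new_forum_id)
    except (TypeError, ValueError):
        # A request-supplied id the key field cannot convert is answered like
        # an unknown forum instead of surfacing as an unhandled error.
        raise Http404

    # Don't admit that unviewable forums exist or allow escalation of privs by
    # moving things to a looser forum:
    if not (forum.allows_viewing_by(user) and
            new_forum.allows_viewing_by(user)):
        raise Http404

    # Don't allow the equivalent of posting here by posting elsewhere then
    # moving:
    if not new_forum.allows_posting_by(user):
        raise PermissionDenied

    # Moving needs the per-object permission on the destination and the source.
    move_perm = 'forums_forum.thread_move_forum'
    if not (has_perm(user, move_perm, new_forum) and
            has_perm(user, move_perm, forum)):
        raise PermissionDenied

    # Record the resolved forum id rather than the raw POST value, passing the
    # arguments to the logger instead of pre-formatting the message.
    log.warning('User %s is moving thread with id=%s to forum with id=%s',
                user, thread.id, new_forum.id)
    thread.forum = new_forum
    thread.save()

    return HttpResponseRedirect(thread.get_absolute_url())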
Esempio n. 3
    def test_has_perm_per_object(self):
        """A permission granted on one forum must not apply to another forum."""
        from kitsune.forums.tests import RestrictedForumFactory
        granted_forum = RestrictedForumFactory()
        other_forum = RestrictedForumFactory()

        # Attach the view permission to the first forum only.
        member = UserFactory()
        codename = 'forums_forum.view_in_forum'
        PermissionFactory(
            codename=codename,
            content_type=ContentType.objects.get_for_model(granted_forum),
            object_id=granted_forum.id,
            user=member,
        )

        # The grant is honoured on its own object and nowhere else.
        allowed_on_granted = access.has_perm(member, codename, granted_forum)
        assert allowed_on_granted
        allowed_on_other = access.has_perm(member, codename, other_forum)
        assert not allowed_on_other
Esempio n. 4
    def test_has_perm_per_object(self):
        """has_perm honours an object-level grant only on the object it names."""
        from kitsune.forums.tests import RestrictedForumFactory

        forum_with_grant = RestrictedForumFactory()
        forum_without_grant = RestrictedForumFactory()

        # One user, one permission row, tied to the first forum's id.
        account = UserFactory()
        view_perm = "forums_forum.view_in_forum"
        forum_type = ContentType.objects.get_for_model(forum_with_grant)
        grant = {
            "codename": view_perm,
            "content_type": forum_type,
            "object_id": forum_with_grant.id,
            "user": account,
        }
        PermissionFactory(**grant)

        assert access.has_perm(account, view_perm, forum_with_grant)
        # The second restricted forum has no grant and must stay closed.
        assert not access.has_perm(account, view_perm, forum_without_grant)
Esempio n. 5
    def test_has_perm_per_object(self):
        """Check that a per-object grant does not leak to a sibling forum."""
        from kitsune.forums.tests import restricted_forum
        permitted = restricted_forum()
        unpermitted = restricted_forum()

        # Only the first forum receives a permission row for this user.
        viewer = user(save=True)
        codename = 'forums_forum.view_in_forum'
        forum_ct = ContentType.objects.get_for_model(permitted)
        permission(
            codename=codename,
            content_type=forum_ct,
            object_id=permitted.id,
            user=viewer,
            save=True,
        )

        can_view_permitted = access.has_perm(viewer, codename, permitted)
        can_view_unpermitted = access.has_perm(viewer, codename, unpermitted)
        assert can_view_permitted
        assert not can_view_unpermitted
Esempio n. 6
def has_perm(context, perm, obj):
    """
    Check a per-object permission for the user of the current request.

    The user is taken from ``context['request']`` and the decision is
    delegated to ``access.has_perm``; its result is returned unchanged
    (documented by the original as a boolean).
    """
    current_user = context['request'].user
    return access.has_perm(current_user, perm, obj)
Esempio n. 7
    def test_has_perm_per_object(self):
        """An object-level permission is valid for the granted forum only."""
        from kitsune.forums.tests import restricted_forum
        first_forum = restricted_forum()
        second_forum = restricted_forum()

        # Grant the view permission on the first forum and nothing else.
        grantee = user(save=True)
        perm_name = 'forums_forum.view_in_forum'
        content_type = ContentType.objects.get_for_model(first_forum)
        permission(codename=perm_name, content_type=content_type,
                   object_id=first_forum.id, user=grantee, save=True)

        # Expected outcome per forum, checked in the original order.
        for forum, expected in ((first_forum, True), (second_forum, False)):
            if expected:
                assert access.has_perm(grantee, perm_name, forum)
            else:
                assert not access.has_perm(grantee, perm_name, forum)
Esempio n. 8
    def test_admin_perm_thread(self):
        """The admin user passes every listed forum permission check."""
        # presumably pk=1 is the superuser in the test fixtures -- verify
        admin = User.objects.get(pk=1)

        codenames = (
            'thread_edit_forum',
            'thread_delete_forum',
            'post_edit_forum',
            'thread_sticky_forum',
            'thread_locked_forum',
            'post_delete_forum',
        )
        targets = (self.forum_1, self.forum_2)

        # Every permission is checked against both forums, permission-major.
        checks = [(codename, forum)
                  for codename in codenames
                  for forum in targets]
        for codename, forum in checks:
            assert access.has_perm(admin, 'forums_forum.' + codename, forum)
Esempio n. 9
    def test_admin_perm_thread(self):
        """A staff superuser holds every forum permission on restricted forums."""
        from kitsune.forums.tests import restricted_forum
        forums = [restricted_forum(), restricted_forum()]

        # No permission rows are created for this user in the test; the
        # superuser flags are the only thing set on the account.
        admin = user(is_staff=True, is_superuser=True, save=True)

        codenames = (
            'thread_edit_forum',
            'thread_delete_forum',
            'post_edit_forum',
            'thread_sticky_forum',
            'thread_locked_forum',
            'post_delete_forum',
            'view_in_forum',
        )

        for codename in codenames:
            full_name = 'forums_forum.' + codename
            for forum in forums:
                assert access.has_perm(admin, full_name, forum)
Esempio n. 10
    def test_admin_perm_thread(self):
        """Superuser accounts pass has_perm for all listed codenames."""
        from kitsune.forums.tests import restricted_forum
        forum_a = restricted_forum()
        forum_b = restricted_forum()

        superuser = user(is_staff=True, is_superuser=True, save=True)

        # Thread, post and view permissions exercised on both forums.
        suffixes = ('thread_edit_forum', 'thread_delete_forum',
                    'post_edit_forum', 'thread_sticky_forum',
                    'thread_locked_forum', 'post_delete_forum',
                    'view_in_forum')

        pairs = [(suffix, forum)
                 for suffix in suffixes
                 for forum in [forum_a, forum_b]]
        for suffix, forum in pairs:
            granted = access.has_perm(superuser, 'forums_forum.' + suffix, forum)
            assert granted
Esempio n. 11
    def test_admin_perm_thread(self):
        """Every listed forum permission is granted to a staff superuser."""
        from kitsune.forums.tests import RestrictedForumFactory

        restricted = [RestrictedForumFactory(), RestrictedForumFactory()]

        # The account gets the superuser flags and no explicit grants.
        admin = UserFactory(is_staff=True, is_superuser=True)

        codenames = (
            "thread_edit_forum",
            "thread_delete_forum",
            "post_edit_forum",
            "thread_sticky_forum",
            "thread_locked_forum",
            "post_delete_forum",
            "view_in_forum",
        )

        for codename in codenames:
            qualified = "forums_forum." + codename
            for forum in restricted:
                assert access.has_perm(admin, qualified, forum)
Esempio n. 12
 def allows_posting_by(self, user):
     """Tell whether ``user`` may create threads and posts in this forum.

     Public posting is consulted first; only when it is not allowed is the
     per-object ``forums_forum.post_in_forum`` permission checked.
     """
     public = self._allows_public_posting()
     if public:
         return public
     return has_perm(user, 'forums_forum.post_in_forum', self)
Esempio n. 13
 def allows_viewing_by(self, user):
     """Tell whether ``user`` may see this forum, its threads and their posts.

     Public viewing is consulted first; only when it is not allowed is the
     per-object ``forums_forum.view_in_forum`` permission checked.
     """
     public = self._allows_public_viewing()
     if public:
         return public
     return has_perm(user, 'forums_forum.view_in_forum', self)
Esempio n. 14
 def allows_posting_by(self, user):
     """Report whether the given user can start threads and post here.

     A publicly postable forum short-circuits the check; otherwise the
     answer is the user's ``forums_forum.post_in_forum`` permission on
     this forum object.
     """
     open_to_all = self._allows_public_posting()
     return open_to_all if open_to_all else has_perm(
         user, 'forums_forum.post_in_forum', self)
Esempio n. 15
 def allows_viewing_by(self, user):
     """Report whether the given user can read this forum and its content.

     A publicly viewable forum short-circuits the check; otherwise the
     answer is the user's ``forums_forum.view_in_forum`` permission on
     this forum object.
     """
     open_to_all = self._allows_public_viewing()
     return open_to_all if open_to_all else has_perm(
         user, 'forums_forum.view_in_forum', self)
Esempio n. 16
 def test_has_perm_per_object(self):
     """The edit permission holds on forum_1 and is refused on forum_2."""
     # presumably the fixtures give this user the permission on forum_1
     # only -- verify against the fixture data
     editor = User.objects.get(pk=47963)
     codename = 'forums_forum.thread_edit_forum'

     on_first = access.has_perm(editor, codename, self.forum_1)
     assert on_first
     on_second = access.has_perm(editor, codename, self.forum_2)
     assert not on_second