def test_with_can_rename_forum_permission(self):
"""
A user with the `can_rename_forum` permission should be able
to rename it.
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory(name="Initial forum name")
forum.lti_contexts.add(lti_context)
assign_perm("can_rename_forum", user, forum, True)
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
response = self.client.get(f"/forum/admin/rename/{forum.pk}/")
self.assertEqual(200, response.status_code)
self.assertContains(response, "Rename the forum")
update_response = self.client.post(
f"/forum/admin/rename/{forum.pk}/",
data={"name": "Modified forum name"})
self.assertEqual(302, update_response.status_code)
self.assertEqual("Modified forum name",
Forum.objects.get(pk=forum.pk).name)
def test_browsing_with_can_manage_moderator_forum_permission(self):
"""
A user with the `can_manage_moderator_forum` permission and
`SESSION_LTI_CONTEXT_ID` should be able to access it.
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
assign_perm("can_manage_moderator", user, forum, True)
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
response = self.client.get("/moderators/")
# Controls the page is forbidden as session is not set
self.assertEqual(403, response.status_code)
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
self.assertEqual(
self.client.session.get(SESSION_LTI_CONTEXT_ID), lti_context.id
)
# Now session and permission are set, we should be able to access it
response = self.client.get("/moderators/")
self.assertEqual(200, response.status_code)
self.assertContains(response, "Manage forum's moderators")
def test_access_topic_reply_form(self):
"""
The post form in a created topic is overridden from django_machina,
we control it still loads as expected
"""
user = UserFactory(lti_consumer=self.lti_consumer)
assign_perm("can_read_forum", user, self.forum)
assign_perm("can_reply_to_topics", user, self.forum)
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user)
PostFactory(topic=topic)
# authenticate the user related to consumer
self.client.force_login(user)
url_topic_reply = (
f"/forum/forum/{self.forum.slug}-{self.forum.pk}"
f"/topic/{topic.slug}-{topic.pk}/post/create/"
)
# Run
response = self.client.get(url_topic_reply, follow=True)
# Check
assert response.status_code == 200
def test_access_api_can_manage_moderators_update_student_no_session(self):
"""Users with no session can't update user"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Assign student group to user
lti_context.sync_user_groups(update_user, ["student"])
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
#
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 403)
content = json.loads(response.content)
self.assertEqual(
content,
{"detail": "Authentication credentials were not provided."})
# Create the session and it should work
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
def test_access_can_manage_moderators_moderator_list_students(self):
"""Users that can manage moderators should be able to use the API to request
list of students"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
response = self.client.get("/api/v1.0/users/?role=student")
# First it's forbidden
self.assertEqual(403, response.status_code)
# Add session
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
self.assertEqual(self.client.session.get(SESSION_LTI_CONTEXT_ID),
lti_context.id)
response = self.client.get("/api/v1.0/users/?role=student")
# Still forbidden session ok but missing permission
self.assertEqual(response.status_code, 403)
assign_perm("can_manage_moderator", user, forum, True)
# Should now be authorized
response = self.client.get("/api/v1.0/users/?role=student")
self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_update_student_no_group_moderator(
self):
"""If moderator group doesn't exist user can be updated and group created
Case for forum created before this feature"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Add group student
lti_context.sync_user_groups(update_user, ["student"])
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
# Creates the session
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
# Data to promote user to moderator
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_instructor_other_forum(self):
"""
If a user can manage another forum, he can't update moderators from a forum
where is doesn't have this permission.
"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
update_user.refresh_from_db()
# Assign the permission
assign_perm("can_manage_moderator", api_user, ForumFactory(), True)
# Creates the session
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
action = random.choice(
["add_group_moderator", "remove_group_moderator"])
# Revoke user to moderator
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/{action}/",
content_type="application/json",
)
self.assertEqual(response.status_code, 403)
self.assertEqual(
response.json(),
{"detail": "You do not have permission to perform this action."},
)
def test_access_api_update_instructor_patch(self):
"""
Standard instructor call to patch user is allowed but doesn't change anything,
as serializer's attributes are read-only.
"""
# Creates a forum
user = UserFactory(id=1, public_username="******")
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
lti_context.sync_user_groups(user, ["instructor"])
assign_perm("can_manage_moderator", user, forum, True)
# Creates the session
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
data = {"id": 10, "public_username": "******"}
response = self.client.patch(
f"/api/v1.0/users/{user.id}/",
json.dumps(data),
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), {"id": 1, "public_username": "******"})
def grant_permission(self, permission, group, forum):
"""Grant a permission to a group in the specified forum."""
if self.apply_updates:
assign_perm(permission, group, forum, True)
self.stdout.write(
f"ADDED {permission} for group {group.name} in forum {forum.pk} ({forum.slug})"
)
def test_forum_search_archived_forum(self):
"""Content of an archived forum should not be indexed"""
post = PostFactory(text="yah7Eo0A")
forum = post.topic.forum
user = UserFactory()
assign_perm("can_read_forum", user, forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
response = self.client.get("/forum/search/?q=yah7")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post, html=True)
# Archive the forum
forum.archived = True
forum.save()
# Re-build the index
call_command("rebuild_index", interactive=False)
# The same search should return nothing
response = self.client.get("/forum/search/?q=yah7")
self.assertContains(response,
"Your search has returned <b>0</b> results",
html=True)
def test_forum_display_button_manage_moderator(self):
"""
Connects a user with standard forum permission and controls that CTA to manage
moderator is not present, then add the permission can_manage_moderator and
control that we now see the CTA as expected
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory(name="Initial forum name")
forum.lti_contexts.add(lti_context)
assign_perm("can_read_forum", user, forum)
# Connects user and go on the forum page
self.client.force_login(user)
response = self.client.get(f"/forum/forum/{forum.name}-{forum.id}/")
# Check the CTA to manage moderators is not present
self.assertNotContains(
response,
('<a href="/moderators/" title="Manage moderators" class="dropdown-item">'
"Manage moderators</a>"),
html=True,
)
# Assign permission can_manage_moderator
assign_perm("can_manage_moderator", user, forum)
response = self.client.get(f"/forum/forum/{forum.name}-{forum.id}/")
# Check the CTA to manage moderators is now present
self.assertContains(
response,
('<a href="/moderators/" title="Manage moderators" class="dropdown-item">'
"Manage moderators</a>"),
html=True,
)
def test_forum_search_only_topics(self):
"""
If the "search only topics" checkbox is ticked, matching content elsewhere should not
return any result.
"""
post1 = PostFactory(subject="497jk1sav", text="497jk1sav")
forum = post1.topic.forum
post2 = PostFactory(topic__subject="497jk1sav", topic__forum=forum)
user = UserFactory()
assign_perm("can_read_forum", user, forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
# Searching without the "search_topics" flag returns post1 because it contains
# the search string in its text body.
response = self.client.get("/forum/search/?q=497jk")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post1.topic.slug)
# Searching with the "search_topics" flag returns post2 because it contains
# the search string in the related topic subject.
response = self.client.get("/forum/search/?q=497jk&search_topics=on")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post2.topic.slug)
def test_testing_topic_announce(self):
"""Controls topics that are of type announcement don't have sorted options"""
# Creates posts for announcement topics
forum = ForumFactory()
PostFactory(topic=TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE))
PostFactory(topic=TopicFactory(forum=forum, type=Topic.TOPIC_ANNOUNCE))
user = UserFactory()
assign_perm("can_read_forum", user, forum)
self.client.force_login(user)
response = self.client.get(f"/forum/forum/{forum.slug}-{forum.pk}/")
html = lxml.html.fromstring(response.content)
# Select the header block of the announcement block, the first block
announce_block = str(
etree.tostring(html.cssselect(".topiclist .card-header")[0]))
# Controls that announce_block is about announcements and not topics
self.assertIn("Announcements", announce_block)
self.assertNotIn("Topics", announce_block)
self.assertIn("Replies", announce_block)
self.assertIn("Views", announce_block)
self.assertIn("Last post", announce_block)
# There's no sortable informations
self.assertNotIn("sortable sorted", announce_block)
# There's no column that has a sorting link on
self.assertNotIn("<a href=", announce_block)
# There's no toggle sorting
self.assertNotIn("Toggle sorting", announce_block)
def test_can_use_global_permissions(self):
# Setup
user = UserFactory.create()
assign_perm('can_read_forum', user, None) # global permission
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
def test_can_use_global_permissions(self):
# Setup
user = UserFactory.create()
assign_perm('can_read_forum', user, None) # global permission
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
def test_basic_user(self):
"""
A user without the `can_archive_forum` permission
should not be able to archive it.
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
assign_perm("can_read_forum", user, forum)
self.assertFalse(forum.archived)
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
# The user can read the forum
response = self.client.get(f"/forum/forum/{forum.slug}-{forum.pk}/")
self.assertEqual(200, response.status_code)
self.assertContains(response, forum.name)
# but he's not allowed to archive it
response = self.client.get(f"/forum/admin/archive/{forum.pk}/")
self.assertEqual(403, response.status_code)
update_response = self.client.post(f"/forum/admin/archive/{forum.pk}/")
self.assertEqual(403, update_response.status_code)
self.assertFalse(Forum.objects.get(pk=forum.pk).archived)
def test_forum_search_with_unautorized_forum_from_other_lti_context(self):
"""
Try to search in a forum that is not part of our LTIContext by submitting
in the search form a forum from another LTIContext.
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
lti_context2 = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum2 = ForumFactory()
forum.lti_contexts.add(lti_context)
forum2.lti_contexts.add(lti_context2)
PostFactory(
topic=TopicFactory(forum=forum),
text="Good morning world",
)
PostFactory(
topic=TopicFactory(forum=forum2),
text="Hello world",
)
# Index posts in Elasticsearch
call_command("rebuild_index", interactive=False)
# Connects and gets acces to the forum
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
assign_perm("can_read_forum", user, forum)
assign_perm("can_read_forum", user, forum2)
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
form = SearchForm(user=user, lti_context=lti_context)
# Checks that only the forum that is allowed is proposed as choice
self.assertEqual(
form.fields["search_forums"].choices,
[(forum.id, "{} {}".format("-" * forum.margin_level, forum.name))],
)
# Despite that, we force the request on the forum that is not allowed
response = self.client.get(
f"/forum/search/?q=world&search_forums={forum2.id}")
self.assertEqual(response.status_code, 200)
# Controls that we get an error and the search is not executed
self.assertContains(
response,
f"Select a valid choice. {forum2.id} is not one of the available choices.",
html=True,
)
# Valid request, we search on the forum that is allowed, we get only one result
# as forum2 is ignored
response = self.client.get(
f"/forum/search/?q=world&search_forums={forum.id}")
self.assertEqual(response.status_code, 200)
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
def test_access_api_update_student_patch(self):
"""Standard call should not be allowed to update a student."""
# Creates a forum
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
assign_perm("can_read_forum", user, forum, True)
# Creates the session
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
data = {
"public_username": "******",
}
response = self.client.patch(
f"/api/v1.0/users/{user.id}/",
json.dumps(data),
content_type="application/json",
)
self.assertEqual(response.status_code, 403)
self.assertEqual(
response.json(),
{"detail": "You do not have permission to perform this action."},
)
def test_forum_search_authorized(self):
"""A user with the rights to read a forum should be able to search."""
created_on = datetime(2020, 10, 5, 8, 13, tzinfo=timezone.utc)
with mock.patch.object(timezone, "now", return_value=created_on):
post = PostFactory()
poster = post.poster
user = UserFactory()
assign_perm("can_read_forum", user, post.topic.forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
response = self.client.get("/forum/search/?q=*")
# Check the format of the results
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post.subject)
self.assertContains(response, post.topic.subject)
self.assertContains(
response,
f'By: <a href="/forum/member/profile/{poster.id:d}/">{poster.public_username:s}</a>',
)
self.assertContains(
response,
"on Oct. 5, 2020, 8:13 a.m.",
)
def test_forum_search_post_poster_restrict_forums(self):
"""
Forum searches can be restricted to only one forum
when searching for a specific poster.
"""
post1 = PostFactory()
post2 = PostFactory(poster=post1.poster,
topic__forum=post1.topic.forum)
post3 = PostFactory(poster=post1.poster)
user = UserFactory()
assign_perm("can_read_forum", user, post1.topic.forum)
assign_perm("can_read_forum", user, post3.topic.forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
response = self.client.get(
f"/forum/search/?q=&search_poster_name={post1.poster.public_username}\
&search_forums={post1.topic.forum.pk}")
self.assertContains(response,
"Your search has returned <b>2</b> results",
html=True)
self.assertContains(response, post1.subject)
self.assertContains(response, post2.subject)
response = self.client.get(
f"/forum/search/?q=&search_poster_name={post1.poster.public_username}\
&search_forums={post3.topic.forum.pk}")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post3.subject)
def test_forum_search_several_forums_restrict_to_one(self):
"""Forum searches can be restricted to only one forum."""
post1 = PostFactory(text="Hello world", subject="a5g3g6k75")
post2 = PostFactory(text="Good morning world", subject="497jk1sav")
user = UserFactory()
assign_perm("can_read_forum", user, post1.topic.forum)
assign_perm("can_read_forum", user, post2.topic.forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
response = self.client.get(
f"/forum/search/?q=world&search_forums={post1.topic.forum.pk}")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post1.subject)
response = self.client.get(
f"/forum/search/?q=world&search_forums={post2.topic.forum.pk}")
self.assertContains(response,
"Your search has returned <b>1</b> result",
html=True)
self.assertContains(response, post2.subject)
def _get_url_list_topic_with_three_topics(self):
"""Creates a forum with three topics and a user to access the forum that has
the permission to access it. It's a shortcut used in all the tests below."""
forum = ForumFactory()
# create 3 topics with distinct subject, views_count and date
PostFactory(
topic=TopicFactory(forum=forum, views_count=9),
subject="TOPIC B the eldest with 9 views_count",
)
PostFactory(
topic=TopicFactory(forum=forum, views_count=6),
subject="TOPIC A created second with 6 views_count",
)
PostFactory(
topic=TopicFactory(forum=forum, views_count=12),
subject="TOPIC C the newest one with 12 views_count",
)
user = UserFactory()
assign_perm("can_read_forum", user, forum)
self.client.force_login(user)
# Setup
url_list_topic = f"/forum/forum/{forum.slug}-{forum.pk}/"
return forum, url_list_topic
def test_access_can_manage_moderators_list_non_moderators(self):
"""Users that can manage moderators should be able to use the API to request
list of users that are not moderators"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
response = self.client.get("/api/v1.0/users/?role=!moderator")
# First it's forbidden
self.assertEqual(403, response.status_code)
# Add permission
assign_perm("can_manage_moderator", user, forum, True)
# Still forbidden, missing the session
response = self.client.get("/api/v1.0/users/?!role=moderator")
self.assertEqual(403, response.status_code)
# Add session
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
self.assertEqual(self.client.session.get(SESSION_LTI_CONTEXT_ID),
lti_context.id)
response = self.client.get("/api/v1.0/users/?role=!moderator")
# Permission + session added, it should be allowed
self.assertEqual(response.status_code, 200)
def test_knows_that_user_permissions_take_precedence_over_user_global_permissions(self):
# Setup
user = UserFactory.create()
assign_perm('can_read_forum', user, None) # global permission
assign_perm('can_read_forum', user, self.forum, has_perm=False)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def test_knows_that_user_permissions_take_precedence_over_user_global_permissions(self):
# Setup
user = UserFactory.create()
assign_perm('can_read_forum', user, None) # global permission
assign_perm('can_read_forum', user, self.forum, has_perm=False)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self):
# Setup
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
assign_perm('can_read_forum', user, self.forum, has_perm=False)
assign_perm('can_read_forum', group, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def _assign_permissions(forum, group, permissions: List[str]):
"""Grant a list of permissions for a group on a specific forum."""
for perm in permissions:
logger.debug(
"Grant permission %s to group %s on forum %s",
perm,
group.name,
forum.lti_id,
)
assign_perm(perm, group, forum, True)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self):
# Setup
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
assign_perm('can_read_forum', user, self.forum, has_perm=False)
assign_perm('can_read_forum', group, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def test_testing_topic_announce_dont_get_ordered(self):
"""
Controls topics that are of type announcement don't get ordered if sorting is
submitted in url. Orders are only applied to Topic posts.
"""
forum = ForumFactory()
user = UserFactory()
assign_perm("can_read_forum", user, forum)
self.client.force_login(user)
# Creates posts for announcement topics
topicAnnounce1 = TopicFactory(forum=forum,
type=Topic.TOPIC_ANNOUNCE,
views_count=100)
topicAnnounce2 = TopicFactory(forum=forum,
type=Topic.TOPIC_ANNOUNCE,
views_count=200)
PostFactory(
topic=topicAnnounce1,
subject="TOPIC A TYPE ANNOUNCED",
)
PostFactory(
topic=topicAnnounce2,
subject="TOPIC B TYPE ANNOUNCED",
)
# Post of topicAnnounce2 has been created last, it should be the first one on the list
self.assertLess(topicAnnounce1.last_post_on,
topicAnnounce2.last_post_on)
# Orders on column view_post
response = self.client.get(
f"/forum/forum/{forum.slug}-{forum.pk}/?o=2")
# Orders is respected on default creation order
self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED",
"TOPIC A TYPE ANNOUNCED")
# Reverses order
response = self.client.get(
f"/forum/forum/{forum.slug}-{forum.pk}/?o=-2")
# Orders of announcement topics stays the same
self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED",
"TOPIC A TYPE ANNOUNCED")
# Orders on replies column
response = self.client.get(
f"/forum/forum/{forum.slug}-{forum.pk}/?o=-1")
# Shows order is respected on default creation order
self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED",
"TOPIC A TYPE ANNOUNCED")
# Reverses order
response = self.client.get(
f"/forum/forum/{forum.slug}-{forum.pk}/?o=1")
# Orders of announcement topics stays the same
self.assertContentBefore(response, "TOPIC B TYPE ANNOUNCED",
"TOPIC A TYPE ANNOUNCED")
def test_knows_that_alluser_permissions_take_precedence_over_default_authenticated_permissions(
self): # noqa: E501
user = UserFactory.create()
# Negate DEFAULT_AUTHENTICATED_USER_FORUM_PERMISSIONS
assign_perm('can_see_forum',
ALL_AUTHENTICATED_USERS,
self.forum,
has_perm=False)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_see_forum', self.forum)
def test_knows_that_alluser_permissions_take_precedence_over_alluser_global_permissions(
self):
# Setup
user = UserFactory.create()
# Test globally True but forum level False
assign_perm('can_read_forum',
ALL_AUTHENTICATED_USERS,
None,
has_perm=True)
assign_perm('can_read_forum',
ALL_AUTHENTICATED_USERS,
self.forum,
has_perm=False)
# Test globally False but forum level True
assign_perm('can_edit_own_posts',
ALL_AUTHENTICATED_USERS,
None,
has_perm=False)
assign_perm('can_edit_own_posts',
ALL_AUTHENTICATED_USERS,
self.forum,
has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
assert checker.has_perm('can_edit_own_posts', self.forum)
def test_forum_search_post_failure(self):
"""Searching for a word not present in post, topic or username should return no result."""
post = PostFactory(text="a5g3g6k75", subject="497jk1sav")
user = UserFactory()
assign_perm("can_read_forum", user, post.topic.forum)
# Index the post in Elasticsearch
call_command("rebuild_index", interactive=False)
self.client.force_login(user)
response = self.client.get("/forum/search/?q=blabla")
self.assertContains(response,
"Your search has returned <b>0</b> results",
html=True)
def test_permissions_returned_for_alluser_when_not_in_group_for_given_forum(
self):
"""
When all_users permission is set, a user that has no own permissions and is not
in a group that has permissions on the given forum, still has a permission (via all_users)
on the given forum
"""
user = UserFactory.create()
assign_perm('can_read_forum',
ALL_AUTHENTICATED_USERS,
self.forum,
has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
def test_knows_that_granted_permissions_should_take_precedence_over_the_same_non_granted_permissions(self): # noqa: E501
# Setup
user = UserFactory.create()
group_all_users = GroupFactory.create()
group_specific_access = GroupFactory.create()
user.groups.add(group_all_users)
user.groups.add(group_specific_access)
assign_perm('can_read_forum', group_all_users, None) # global permission
assign_perm('can_read_forum', group_all_users, self.forum, has_perm=False)
assign_perm('can_read_forum', group_specific_access, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
