def test_delete_image_from_other_user(self): """ if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.client.post( reverse('gallery-image-delete', kwargs={'pk_gallery': self.gallery1.pk}), { 'gallery': self.gallery1.pk, 'delete': '', 'image': image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete()
class UserGalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_can_write(self): self.user_gallery.mode = 'W' self.assertTrue(self.user_gallery.can_write()) self.assertFalse(self.user_gallery.can_read()) def test_can_read(self): self.user_gallery.mode = 'R' self.assertFalse(self.user_gallery.can_write()) self.assertTrue(self.user_gallery.can_read()) def test_get_images(self): self.assertEqual(2, len(self.user_gallery.get_images())) self.assertEqual(self.image1, self.user_gallery.get_images()[0]) self.assertEqual(self.image2, self.user_gallery.get_images()[1])
class ImageTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) def tearDown(self): self.image.delete() self.gallery.delete() def test_unicode(self): self.assertEqual(self.image.slug, self.image.__unicode__()) def test_get_absolute_url(self): absolute_url = u'{0}/{1}'.format(settings.MEDIA_URL, self.image.physical) self.assertEqual(absolute_url, self.image.get_absolute_url()) def test_get_extension(self): self.assertEqual('jpg', self.image.get_extension()) def test_save_image(self): test_image = ImageFactory(gallery=self.gallery) self.assertTrue(os.path.isfile(test_image.physical.path)) test_image.delete() self.assertFalse(os.path.isfile(test_image.physical.path))
def test_save_and_delete_image(self): test_image = ImageFactory(gallery=self.gallery) image_path = test_image.physical.path self.assertTrue(os.path.isfile(image_path)) test_image.delete() self.assertFalse(os.path.isfile(image_path))
class UserGalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_can_write(self): self.user_gallery.mode = 'W' self.assertTrue(self.user_gallery.can_write()) self.assertFalse(self.user_gallery.can_read()) def test_can_read(self): self.user_gallery.mode = 'R' self.assertFalse(self.user_gallery.can_write()) self.assertTrue(self.user_gallery.can_read()) def test_get_images(self): self.assertEqual(2, len(self.user_gallery.get_images())) self.assertEqual(self.image1, self.user_gallery.get_images()[0]) self.assertEqual(self.image2, self.user_gallery.get_images()[1])
class ImageTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) def tearDown(self): self.image.delete() self.gallery.delete() def test_get_absolute_url(self): absolute_url = '{0}/{1}'.format(settings.MEDIA_URL, self.image.physical).replace('//', '/') self.assertEqual(absolute_url, self.image.get_absolute_url()) def test_get_extension(self): self.assertEqual('jpg', self.image.get_extension()) def test_save_and_delete_image(self): test_image = ImageFactory(gallery=self.gallery) image_path = test_image.physical.path self.assertTrue(os.path.isfile(image_path)) test_image.delete() self.assertFalse(os.path.isfile(image_path))
class ImageTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) def tearDown(self): self.image.delete() self.gallery.delete() def test_get_absolute_url(self): absolute_url = '{0}/{1}'.format(settings.MEDIA_URL, self.image.physical).replace( '//', '/') self.assertEqual(absolute_url, self.image.get_absolute_url()) def test_get_extension(self): self.assertEqual('jpg', self.image.get_extension()) def test_save_and_delete_image(self): test_image = ImageFactory(gallery=self.gallery) image_path = test_image.physical.path self.assertTrue(os.path.isfile(image_path)) test_image.delete() self.assertFalse(os.path.isfile(image_path))
def test_save_and_delete_image(self): test_image = ImageFactory(gallery=self.gallery) image_path = test_image.physical.path self.assertTrue(os.path.isfile(image_path)) test_image.delete() self.assertFalse(os.path.isfile(image_path))
class GalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_unicode(self): self.assertEqual(self.gallery.title, self.gallery.__unicode__()) def test_get_absolute_url(self): absolute_url = reverse('zds.gallery.views.gallery_details', args=[self.gallery.pk, self.gallery.slug]) self.assertEqual(absolute_url, self.gallery.get_absolute_url()) def test_get_users(self): self.assertEqual(1, len(self.gallery.get_users())) self.assertEqual(self.user_gallery, self.gallery.get_users()[0]) def test_get_images(self): self.assertEqual(2, len(self.gallery.get_images())) self.assertEqual(self.image1, self.gallery.get_images()[0]) self.assertEqual(self.image2, self.gallery.get_images()[1]) def test_get_last_image(self): self.assertEqual(self.image2, self.gallery.get_last_image())
class GalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_unicode(self): self.assertEqual(self.gallery.title, self.gallery.__unicode__()) def test_get_absolute_url(self): absolute_url = reverse('gallery-details', args=[self.gallery.pk, self.gallery.slug]) self.assertEqual(absolute_url, self.gallery.get_absolute_url()) def test_get_linked_users(self): self.assertEqual(1, len(self.gallery.get_linked_users())) self.assertEqual(self.user_gallery, self.gallery.get_linked_users()[0]) def test_get_images(self): self.assertEqual(2, len(self.gallery.get_images())) self.assertEqual(self.image1, self.gallery.get_images()[0]) self.assertEqual(self.image2, self.gallery.get_images()[1]) def test_get_last_image(self): self.assertEqual(self.image2, self.gallery.get_last_image()) def test_delete_empty_gallery(self): test_gallery = GalleryFactory() path = test_gallery.get_gallery_path() test_gallery.delete() self.assertFalse(os.path.isdir(path)) def test_delete_gallery_with_image(self): test_gallery = GalleryFactory() test_image = ImageFactory(gallery=test_gallery) path_gallery = test_gallery.get_gallery_path() self.assertTrue(os.path.isdir(path_gallery)) path_image = test_image.physical.path self.assertTrue(os.path.isfile(path_image)) # Destroy the gallery and the image test_gallery.delete() self.assertFalse(os.path.isdir(path_gallery)) self.assertFalse(os.path.isfile(path_image))
class GalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_get_absolute_url(self): absolute_url = reverse('gallery-details', args=[self.gallery.pk, self.gallery.slug]) self.assertEqual(absolute_url, self.gallery.get_absolute_url()) def test_get_linked_users(self): self.assertEqual(1, len(self.gallery.get_linked_users())) self.assertEqual(self.user_gallery, self.gallery.get_linked_users()[0]) def test_get_images(self): self.assertEqual(2, len(self.gallery.get_images())) self.assertEqual(self.image1, self.gallery.get_images()[0]) self.assertEqual(self.image2, self.gallery.get_images()[1]) def test_get_last_image(self): self.assertEqual(self.image2, self.gallery.get_last_image()) def test_delete_empty_gallery(self): test_gallery = GalleryFactory() path = test_gallery.get_gallery_path() test_gallery.delete() self.assertFalse(os.path.isdir(path)) def test_delete_gallery_with_image(self): test_gallery = GalleryFactory() test_image = ImageFactory(gallery=test_gallery) path_gallery = test_gallery.get_gallery_path() self.assertTrue(os.path.isdir(path_gallery)) path_image = test_image.physical.path self.assertTrue(os.path.isfile(path_image)) # Destroy the gallery and the image test_gallery.delete() self.assertFalse(os.path.isdir(path_gallery)) self.assertFalse(os.path.isfile(path_image))
class UserGalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_unicode(self): result = u'Galerie "{0}" envoye par {1}'.format( self.gallery, self.profile.user) self.assertEqual(result, self.user_gallery.__unicode__()) def test_is_write(self): self.user_gallery.mode = 'W' self.assertTrue(self.user_gallery.is_write()) self.assertFalse(self.user_gallery.is_read()) def test_is_read(self): self.user_gallery.mode = 'R' self.assertFalse(self.user_gallery.is_write()) self.assertTrue(self.user_gallery.is_read()) def test_get_images(self): self.assertEqual(2, len(self.user_gallery.get_images())) self.assertEqual(self.image1, self.user_gallery.get_images()[0]) self.assertEqual(self.image2, self.user_gallery.get_images()[1]) def test_get_gallery(self): gallery_results = self.user_gallery.get_gallery(self.profile.user) self.assertEqual(1, len(gallery_results)) self.assertEqual(self.gallery, gallery_results[0])
class UserGalleryTest(TestCase): def setUp(self): self.profile = ProfileFactory() self.gallery = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery) self.image2 = ImageFactory(gallery=self.gallery) self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery) def tearDown(self): self.image1.delete() self.image2.delete() self.user_gallery.delete() self.gallery.delete() def test_unicode(self): result = u'Galerie "{0}" envoye par {1}'.format(self.gallery, self.profile.user) self.assertEqual(result, self.user_gallery.__unicode__()) def test_is_write(self): self.user_gallery.mode = 'W' self.assertTrue(self.user_gallery.is_write()) self.assertFalse(self.user_gallery.is_read()) def test_is_read(self): self.user_gallery.mode = 'R' self.assertFalse(self.user_gallery.is_write()) self.assertTrue(self.user_gallery.is_read()) def test_get_images(self): self.assertEqual(2, len(self.user_gallery.get_images())) self.assertEqual(self.image1, self.user_gallery.get_images()[0]) self.assertEqual(self.image2, self.user_gallery.get_images()[1]) def test_get_gallery(self): gallery_results = self.user_gallery.get_gallery(self.profile.user) self.assertEqual(1, len(gallery_results)) self.assertEqual(self.gallery, gallery_results[0])
def test_delete_image_from_other_user(self): """if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) self.client.force_login(self.profile1.user) self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, "delete": "", "image": image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete()
def test_delete_image_from_other_user(self): """ if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete()
class ImageTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) def tearDown(self): self.image.delete() self.gallery.delete() def test_get_absolute_url(self): absolute_url = f"{settings.MEDIA_URL}/{self.image.physical}".replace("//", "/") self.assertEqual(absolute_url, self.image.get_absolute_url()) def test_get_extension(self): self.assertEqual("jpg", self.image.get_extension()) def test_save_and_delete_image(self): test_image = ImageFactory(gallery=self.gallery) image_path = test_image.physical.path self.assertTrue(os.path.isfile(image_path)) test_image.delete() self.assertFalse(os.path.isfile(image_path))
class EditImageViewTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode='W') self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode='R') def tearDown(self): self.image.delete() def test_denies_anonymous(self): response = self.client.get( reverse( 'zds.gallery.views.edit_image', args=[15, 156] ), follow=True ) self.assertRedirects(response, reverse('zds.member.views.login_view') + '?next=' + urllib.quote(reverse('zds.gallery.views.edit_image', args=[15, 156]), '')) def test_fail_member_no_permission_can_edit_image(self): login_check = self.client.login(username=self.profile3.user.username, password='******') self.assertTrue(login_check) with open(os.path.join(settings.SITE_ROOT, 'fixtures', 'logo.png'), 'r') as fp: self.client.post( reverse( 'zds.gallery.views.edit_image', args=[self.gallery.pk, self.image.pk] ), { 'title': 'modify with no perms', 'legend': 'test legend', 'slug': 'test-slug', 'physical': fp }, follow=True ) image_test = Image.objects.get(pk=self.image.pk) self.assertNotEqual('modify with no perms', image_test.title) image_test.delete() def test_success_member_edit_image(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) with open(os.path.join(settings.SITE_ROOT, 'fixtures', 'logo.png'), 'r') as fp: response = self.client.post( reverse( 'zds.gallery.views.edit_image', args=[self.gallery.pk, self.image.pk] ), { 'title': 'edit title', 'legend': 'dit legend', 'slug': 'edit-slug', 'physical': fp }, follow=True ) self.assertEqual(200, response.status_code) image_test = Image.objects.get(pk=self.image.pk) self.assertEqual('edit title', image_test.title) image_test.delete() def test_access_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.get(reverse( 'zds.gallery.views.edit_image', args=[self.gallery.pk, self.image.pk] )) self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_delete_multi_read_permission(self): """ when user wants to delete a list of galleries just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'delete_multi': '', 'items': [self.gallery1.pk] }, follow=True ) self.assertEqual(403, response.status_code) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_multi_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'delete_multi': '', 'items': [self.gallery1.pk, self.gallery2.pk] }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(0, Gallery.objects.all().count()) self.assertEqual(0, UserGallery.objects.all().count()) self.assertEqual(0, Image.objects.all().count()) def test_fail_add_user_with_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) # gallery nonexistent response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': 89, } ) self.assertEqual(404, response.status_code) # try to add an user with write permission response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'W', } ) self.assertEqual(403, response.status_code) def test_fail_add_user_already_has_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) # Same permission : read response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # try to add write permission to an user # who has already an read permission response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_read_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile3.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_gallery'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile3.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode)
class ModifyImageTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_denies_anonymous(self): response = self.client.get(reverse('gallery-image-delete'), follow=True) self.assertRedirects( response, reverse('member-login') + '?next=' + urllib.quote(reverse('gallery-image-delete'), '')) def test_fail_modify_image_with_no_permission(self): login_check = self.client.login(username=self.profile3.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-image-delete'), { 'gallery': self.gallery1.pk, }, follow=True, ) self.assertTrue(403, response.status_code) def test_delete_image_from_other_user(self): """ if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.client.post( reverse('gallery-image-delete'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete() def test_success_delete_image_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-image-delete'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': self.image1.pk }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) def test_success_delete_list_images_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-image-delete'), { 'gallery': self.gallery1.pk, 'delete_multi': '', 'items': [self.image1.pk, self.image2.pk] }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count()) def test_fail_delete_image_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-image-delete'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': self.image1.pk }, follow=True, ) self.assertEqual(403, response.status_code) self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class EditImageViewTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode='W') self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode='R') def tearDown(self): self.image.delete() def test_denies_anonymous(self): response = self.client.get(reverse('gallery-image-edit', args=[15, 156]), follow=True) self.assertRedirects( response, reverse('member-login') + '?next=' + urllib.quote(reverse('gallery-image-edit', args=[15, 156]), '')) def test_fail_member_no_permission_can_edit_image(self): login_check = self.client.login(username=self.profile3.user.username, password='******') self.assertTrue(login_check) with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'r') as fp: self.client.post(reverse('gallery-image-edit', args=[self.gallery.pk, self.image.pk]), { 'title': 'modify with no perms', 'legend': 'test legend', 'slug': 'test-slug', 'physical': fp }, follow=True) image_test = Image.objects.get(pk=self.image.pk) self.assertNotEqual('modify with no perms', image_test.title) image_test.delete() def test_success_member_edit_image(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) nb_files = len(os.listdir(self.gallery.get_gallery_path())) with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'r') as fp: response = self.client.post(reverse( 'gallery-image-edit', args=[self.gallery.pk, self.image.pk]), { 'title': 'edit title', 'legend': 'dit legend', 'slug': 'edit-slug', 'physical': fp }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(nb_files + 3, len(os.listdir(self.gallery.get_gallery_path()))) image_test = Image.objects.get(pk=self.image.pk) self.assertEqual('edit title', image_test.title) image_test.delete() # picture AND thumbnail should be gone self.assertEqual(nb_files, len(os.listdir(self.gallery.get_gallery_path()))) def test_access_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.get( reverse('gallery-image-edit', args=[self.gallery.pk, self.image.pk])) self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_delete_multi_read_permission(self): """ when user wants to delete a list of galleries just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse('gallery-modify'), { 'delete_multi': '', 'items': [self.gallery1.pk] }, follow=True) self.assertEqual(403, response.status_code) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_multi_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(3, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('gallery-modify'), { 'delete_multi': '', 'items': [self.gallery1.pk, self.gallery2.pk] }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(0, Gallery.objects.all().count()) self.assertEqual(0, UserGallery.objects.all().count()) self.assertEqual(0, Image.objects.all().count()) def test_fail_add_user_with_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) # gallery nonexistent response = self.client.post(reverse('gallery-modify'), { 'adduser': '', 'gallery': 89, }) self.assertEqual(404, response.status_code) # try to add an user with write permission response = self.client.post( reverse('gallery-modify'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'W', }) self.assertEqual(403, response.status_code) def test_fail_add_user_already_has_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) # Same permission : read response = self.client.post(reverse('gallery-modify'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'R', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # try to add write permission to an user # who has already an read permission response = self.client.post(reverse('gallery-modify'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile2.user.username, 'mode': 'W', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_read_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-modify'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile3.user.username, 'mode': 'R', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-modify'), { 'adduser': '', 'gallery': self.gallery1.pk, 'user': self.profile3.user.username, 'mode': 'W', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode)
class EditImageViewTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode="W") self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode="R") def tearDown(self): self.image.delete() def test_fail_member_no_permission_can_edit_image(self): login_check = self.client.login(username=self.profile3.user.username, password="******") self.assertTrue(login_check) with (settings.BASE_DIR / "fixtures" / "logo.png").open("rb") as fp: self.client.post( reverse("gallery-image-edit", args=[self.gallery.pk, self.image.pk]), { "title": "modify with no perms", "legend": "test legend", "slug": "test-slug", "physical": fp }, follow=True, ) image_test = Image.objects.get(pk=self.image.pk) self.assertNotEqual("modify with no perms", image_test.title) image_test.delete() def test_success_member_edit_image(self): login_check = self.client.login(username=self.profile1.user.username, password="******") self.assertTrue(login_check) nb_files = len(os.listdir(self.gallery.get_gallery_path())) with (settings.BASE_DIR / "fixtures" / "logo.png").open("rb") as fp: response = self.client.post( reverse("gallery-image-edit", args=[self.gallery.pk, self.image.pk]), { "title": "edit title", "legend": "dit legend", "slug": "edit-slug", "physical": fp }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(nb_files + 3, len(os.listdir(self.gallery.get_gallery_path()))) image_test = Image.objects.get(pk=self.image.pk) self.assertEqual("edit title", image_test.title) image_test.delete() # picture AND thumbnail should be gone self.assertEqual(nb_files, len(os.listdir(self.gallery.get_gallery_path()))) def test_access_permission(self): login_check = self.client.login(username=self.profile1.user.username, password="******") self.assertTrue(login_check) response = self.client.get( reverse("gallery-image-edit", args=[self.gallery.pk, self.image.pk])) self.assertEqual(200, response.status_code)
class ModifyImageTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode="R") def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_modify_image_with_no_permission(self): login_check = self.client.login(username=self.profile3.user.username, password="******") self.assertTrue(login_check) response = self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, }, follow=True, ) self.assertTrue(403, response.status_code) def test_delete_image_from_other_user(self): """ if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) login_check = self.client.login(username=self.profile1.user.username, password="******") self.assertTrue(login_check) self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, "delete": "", "image": image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete() def test_success_delete_image_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password="******") self.assertTrue(login_check) response = self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, "delete": "", "image": self.image1.pk }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) def test_success_delete_list_images_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password="******") self.assertTrue(login_check) response = self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, "delete_multi": "", "g_items": [self.image1.pk, self.image2.pk] }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count()) def test_fail_delete_image_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password="******") self.assertTrue(login_check) response = self.client.post( reverse("gallery-image-delete", kwargs={"pk_gallery": self.gallery1.pk}), { "gallery": self.gallery1.pk, "delete": "", "image": self.image1.pk }, follow=True, ) self.assertEqual(403, response.status_code) self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class EditImageViewTest(TestCase): def setUp(self): self.gallery = GalleryFactory() self.image = ImageFactory(gallery=self.gallery) self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode='W') self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode='R') def tearDown(self): self.image.delete() def test_fail_member_no_permission_can_edit_image(self): login_check = self.client.login(username=self.profile3.user.username, password='******') self.assertTrue(login_check) with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'rb') as fp: self.client.post( reverse( 'gallery-image-edit', args=[self.gallery.pk, self.image.pk] ), { 'title': 'modify with no perms', 'legend': 'test legend', 'slug': 'test-slug', 'physical': fp }, follow=True ) image_test = Image.objects.get(pk=self.image.pk) self.assertNotEqual('modify with no perms', image_test.title) image_test.delete() def test_success_member_edit_image(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) nb_files = len(os.listdir(self.gallery.get_gallery_path())) with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'rb') as fp: response = self.client.post( reverse( 'gallery-image-edit', args=[self.gallery.pk, self.image.pk] ), { 'title': 'edit title', 'legend': 'dit legend', 'slug': 'edit-slug', 'physical': fp }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(nb_files + 3, len(os.listdir(self.gallery.get_gallery_path()))) image_test = Image.objects.get(pk=self.image.pk) self.assertEqual('edit title', image_test.title) image_test.delete() # picture AND thumbnail should be gone self.assertEqual(nb_files, len(os.listdir(self.gallery.get_gallery_path()))) def test_access_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.get(reverse( 'gallery-image-edit', args=[self.gallery.pk, self.image.pk] )) self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') default_gallery_u1 = GalleryFactory(title='default', slug='default', subtitle='bla') UserGalleryFactory(user=self.profile1.user, gallery=default_gallery_u1, is_default=True) default_gallery_u2 = GalleryFactory(title='default', slug='default', subtitle='bla') UserGalleryFactory(user=self.profile2.user, gallery=default_gallery_u2, is_default=True) def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_delete_multi_read_permission(self): """ when user wants to delete a list of galleries just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('galleries-delete'), { 'delete_multi': '', 'g_items': [self.gallery1.pk] }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_multi_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('galleries-delete'), { 'delete_multi': '', 'g_items': [self.gallery1.pk, self.gallery2.pk] }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(2, UserGallery.objects.all().count()) self.assertEqual(0, Image.objects.all().count()) def test_fail_delete_read_permission(self): """ when user wants to delete a gallery just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('galleries-delete'), { 'delete': '', 'gallery': self.gallery1.pk }, follow=True ) self.assertEqual(403, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('galleries-delete'), { 'delete': '', 'gallery': self.gallery1.pk }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(0, Gallery.objects.filter(pk=self.gallery1.pk).count()) self.assertEqual(0, UserGallery.objects.filter(gallery=self.gallery1).count()) self.assertEqual(0, Image.objects.filter(gallery=self.gallery1).count()) def test_fail_add_user_with_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) # gallery nonexistent response = self.client.post( reverse('gallery-members', kwargs={'pk': 99999}), { 'action': 'add', } ) self.assertEqual(404, response.status_code) # try to add a user with write permission response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'W', } ) self.assertEqual(403, response.status_code) def test_fail_add_user_already_has_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) # Same permission : read response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # try to add write permission to a user # who has already an read permission response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_read_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) def test_success_modify_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile3.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_fail_user_modify_self(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile1.user.username, 'mode': 'R', }, follow=True ) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile1.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) def test_success_user_leave_gallery(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # kick the other response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile2.user.username, }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_error_last_user_with_write_leave_gallery(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) user_gallery = UserGallery.objects.filter(gallery=self.gallery1, user=self.profile1.user) self.assertEqual(user_gallery.count(), 1) # try to quit response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile1.user.username, }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(user_gallery.count(), 1) # not gone def test_success_user_with_read_permission_leave_gallery(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # leave response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile2.user.username, }, follow=True ) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_fail_user_modify_user_has_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # set W response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile2.user.username, 'mode': 'W', }, follow=True ) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # kick other response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile1.user.username, }, follow=True ) self.assertEqual(403, response.status_code) self.assertEqual(user_galleries.count(), 2)
class ModifyImageTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_denies_anonymous(self): response = self.client.get(reverse('zds.gallery.views.modify_image'), follow=True) self.assertRedirects(response, reverse('zds.member.views.login_view') + '?next=' + urllib.quote(reverse('zds.gallery.views.modify_image'), '')) def test_fail_modify_image_with_no_permission(self): login_check = self.client.login(username=self.profile3.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, }, follow=True, ) self.assertTrue(403, response.status_code) def test_delete_image_from_other_user(self): """ if user try to remove images from another user without permission""" profile4 = ProfileFactory() gallery4 = GalleryFactory() image4 = ImageFactory(gallery=gallery4) UserGalleryFactory(user=profile4.user, gallery=gallery4) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': image4.pk }, follow=True, ) self.assertEqual(1, Image.objects.filter(pk=image4.pk).count()) image4.delete() def test_success_delete_image_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': self.image1.pk }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) def test_success_delete_list_images_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, 'delete_multi': '', 'items': [self.image1.pk, self.image2.pk] }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count()) self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count()) def test_fail_delete_image_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) response = self.client.post( reverse('zds.gallery.views.modify_image'), { 'gallery': self.gallery1.pk, 'delete': '', 'image': self.image1.pk }, follow=True, ) self.assertEqual(403, response.status_code) self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class ModifyGalleryViewTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R') default_gallery_u1 = GalleryFactory(title='default', slug='default', subtitle='bla') UserGalleryFactory(user=self.profile1.user, gallery=default_gallery_u1, is_default=True) default_gallery_u2 = GalleryFactory(title='default', slug='default', subtitle='bla') UserGalleryFactory(user=self.profile2.user, gallery=default_gallery_u2, is_default=True) def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_delete_multi_read_permission(self): """ when user wants to delete a list of galleries just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse('galleries-delete'), { 'delete_multi': '', 'g_items': [self.gallery1.pk] }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_multi_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse('galleries-delete'), { 'delete_multi': '', 'g_items': [self.gallery1.pk, self.gallery2.pk] }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(2, UserGallery.objects.all().count()) self.assertEqual(0, Image.objects.all().count()) def test_fail_delete_read_permission(self): """ when user wants to delete a gallery just with a read permission """ login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse('galleries-delete'), { 'delete': '', 'gallery': self.gallery1.pk }, follow=True) self.assertEqual(403, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse('galleries-delete'), { 'delete': '', 'gallery': self.gallery1.pk }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(0, Gallery.objects.filter(pk=self.gallery1.pk).count()) self.assertEqual( 0, UserGallery.objects.filter(gallery=self.gallery1).count()) self.assertEqual(0, Image.objects.filter(gallery=self.gallery1).count()) def test_fail_add_user_with_read_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) # gallery nonexistent response = self.client.post( reverse('gallery-members', kwargs={'pk': 99999}), { 'action': 'add', }) self.assertEqual(404, response.status_code) # try to add a user with write permission response = self.client.post( reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'W', }) self.assertEqual(403, response.status_code) def test_fail_add_user_already_has_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) # Same permission : read response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'R', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # try to add write permission to a user # who has already an read permission response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile2.user.username, 'mode': 'W', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_read_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'R', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_success_add_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'W', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) def test_success_modify_user_write_permission(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'add', 'user': self.profile3.user.username, 'mode': 'W', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile3.user.username, 'mode': 'R', }, follow=True) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) def test_fail_user_modify_self(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile1.user.username, 'mode': 'R', }, follow=True) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile1.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('W', permissions[0].mode) def test_success_user_leave_gallery(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # kick the other response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile2.user.username, }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_error_last_user_with_write_leave_gallery(self): login_check = self.client.login(username=self.profile1.user.username, password='******') self.assertTrue(login_check) user_gallery = UserGallery.objects.filter(gallery=self.gallery1, user=self.profile1.user) self.assertEqual(user_gallery.count(), 1) # try to quit response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile1.user.username, }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(user_gallery.count(), 1) # not gone def test_success_user_with_read_permission_leave_gallery(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # leave response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile2.user.username, }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_fail_user_modify_user_has_permission(self): login_check = self.client.login(username=self.profile2.user.username, password='******') self.assertTrue(login_check) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # set W response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'edit', 'user': self.profile2.user.username, 'mode': 'W', }, follow=True) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual('R', permissions[0].mode) # kick other response = self.client.post(reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), { 'action': 'leave', 'user': self.profile1.user.username, }, follow=True) self.assertEqual(403, response.status_code) self.assertEqual(user_galleries.count(), 2)
class ModifyGalleryViewTest(TestCase): def setUp(self): self.profile1 = ProfileFactory() self.profile2 = ProfileFactory() self.profile3 = ProfileFactory() self.gallery1 = GalleryFactory() self.gallery2 = GalleryFactory() self.image1 = ImageFactory(gallery=self.gallery1) self.image2 = ImageFactory(gallery=self.gallery1) self.image3 = ImageFactory(gallery=self.gallery2) self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1) self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2) self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode="R") default_gallery_u1 = GalleryFactory(title="default", slug="default", subtitle="bla") UserGalleryFactory(user=self.profile1.user, gallery=default_gallery_u1, is_default=True) default_gallery_u2 = GalleryFactory(title="default", slug="default", subtitle="bla") UserGalleryFactory(user=self.profile2.user, gallery=default_gallery_u2, is_default=True) def tearDown(self): self.image1.delete() self.image2.delete() self.image3.delete() def test_fail_delete_multi_read_permission(self): """when user wants to delete a list of galleries just with a read permission""" self.client.force_login(self.profile2.user) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse("galleries-delete"), { "delete_multi": "", "g_items": [self.gallery1.pk] }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_multi_write_permission(self): self.client.force_login(self.profile1.user) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post( reverse("galleries-delete"), { "delete_multi": "", "g_items": [self.gallery1.pk, self.gallery2.pk] }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(2, Gallery.objects.all().count()) self.assertEqual(2, UserGallery.objects.all().count()) self.assertEqual(0, Image.objects.all().count()) def test_fail_delete_read_permission(self): """when user wants to delete a gallery just with a read permission""" self.client.force_login(self.profile2.user) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse("galleries-delete"), { "delete": "", "gallery": self.gallery1.pk }, follow=True) self.assertEqual(403, response.status_code) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) def test_success_delete_write_permission(self): self.client.force_login(self.profile1.user) self.assertEqual(4, Gallery.objects.all().count()) self.assertEqual(5, UserGallery.objects.all().count()) self.assertEqual(3, Image.objects.all().count()) response = self.client.post(reverse("galleries-delete"), { "delete": "", "gallery": self.gallery1.pk }, follow=True) self.assertEqual(200, response.status_code) self.assertEqual(0, Gallery.objects.filter(pk=self.gallery1.pk).count()) self.assertEqual( 0, UserGallery.objects.filter(gallery=self.gallery1).count()) self.assertEqual(0, Image.objects.filter(gallery=self.gallery1).count()) def test_fail_add_user_with_read_permission(self): self.client.force_login(self.profile2.user) # gallery nonexistent response = self.client.post( reverse("gallery-members", kwargs={"pk": 99999}), { "action": "add", }, ) self.assertEqual(404, response.status_code) # try to add a user with write permission response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile2.user.username, "mode": "W", }, ) self.assertEqual(403, response.status_code) def test_fail_add_user_already_has_permission(self): self.client.force_login(self.profile1.user) # Same permission : read response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile2.user.username, "mode": "R", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("R", permissions[0].mode) # try to add write permission to a user # who has already an read permission response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile2.user.username, "mode": "W", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("R", permissions[0].mode) def test_success_add_user_read_permission(self): self.client.force_login(self.profile1.user) response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile3.user.username, "mode": "R", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("R", permissions[0].mode) def test_success_add_user_write_permission(self): self.client.force_login(self.profile1.user) response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile3.user.username, "mode": "W", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("W", permissions[0].mode) def test_success_modify_user_write_permission(self): self.client.force_login(self.profile1.user) response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "add", "user": self.profile3.user.username, "mode": "W", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("W", permissions[0].mode) response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "edit", "user": self.profile3.user.username, "mode": "R", }, follow=True, ) self.assertEqual(200, response.status_code) permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("R", permissions[0].mode) def test_fail_user_modify_self(self): self.client.force_login(self.profile1.user) response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "edit", "user": self.profile1.user.username, "mode": "R", }, follow=True, ) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile1.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("W", permissions[0].mode) def test_success_user_leave_gallery(self): self.client.force_login(self.profile1.user) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # kick the other response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "leave", "user": self.profile2.user.username, }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_error_last_user_with_write_leave_gallery(self): self.client.force_login(self.profile1.user) user_gallery = UserGallery.objects.filter(gallery=self.gallery1, user=self.profile1.user) self.assertEqual(user_gallery.count(), 1) # try to quit response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "leave", "user": self.profile1.user.username, }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(user_gallery.count(), 1) # not gone def test_success_user_with_read_permission_leave_gallery(self): self.client.force_login(self.profile2.user) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # leave response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "leave", "user": self.profile2.user.username, }, follow=True, ) self.assertEqual(200, response.status_code) self.assertEqual(user_galleries.count(), 1) self.assertEqual(user_galleries.last().user, self.profile1.user) def test_fail_user_modify_user_has_permission(self): self.client.force_login(self.profile2.user) user_galleries = UserGallery.objects.filter(gallery=self.gallery1) self.assertEqual(user_galleries.count(), 2) # set W response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "edit", "user": self.profile2.user.username, "mode": "W", }, follow=True, ) self.assertEqual(403, response.status_code) permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1) self.assertEqual(1, len(permissions)) self.assertEqual("R", permissions[0].mode) # kick other response = self.client.post( reverse("gallery-members", kwargs={"pk": self.gallery1.pk}), { "action": "leave", "user": self.profile1.user.username, }, follow=True, ) self.assertEqual(403, response.status_code) self.assertEqual(user_galleries.count(), 2)