def test_blogpost_delete_by_non_owner(self):
    """Deleting a blogpost of an app owned by someone else returns 403.

    The record is also looked up after the request: the status code alone
    does not show whether the row was removed before the request was
    rejected.
    """
    # The app and its blogpost belong to the second user from create_users().
    owner = self.create_users()[1]
    owned_app = AppFactory.create(owner=owner)
    post = BlogpostFactory(owner=owner, app=owned_app)
    delete_url = "/app/%s/%s/delete" % (owned_app.short_name, post.id)

    # register() runs after the owner exists, so the request below is
    # presumably sent as a different, freshly registered account --
    # confirm against the test base class.
    self.register()
    response = self.app.post(delete_url, follow_redirects=True)
    assert response.status_code == 403, response.status_code

    # The rejected request must not have removed the row.
    remaining = db.session.query(Blogpost).first()
    assert remaining is not None
def test_blogpost_delete_by_anonymous(self):
    """A delete request sent without signing in ends on the sign-in page.

    The blogpost must still be in the database afterwards.
    """
    author = self.create_users()[1]
    project = AppFactory.create(owner=author)
    entry = BlogpostFactory(owner=author, app=project)
    target = "/app/%s/%s/delete" % (project.short_name, entry.id)

    # No register() call precedes this request, so it carries no session
    # created by this test.
    reply = self.app.post(target, follow_redirects=True)

    # Redirects are followed, so 200 is the status of the final page; the
    # sign-in prompt in the body is what shows the request was bounced.
    assert reply.status_code == 200, reply.status_code
    assert "Please sign in to access this page" in reply.data

    survivor = db.session.query(Blogpost).first()
    assert survivor is not None
def test_blogpost_delete_by_owner(self, mock_redirect):
    """The app owner can delete a blogpost and is redirected to the app blog.

    mock_redirect is presumably injected by a patch decorator that is not
    visible in this excerpt -- confirm in the full file.
    """
    self.register()
    # The registered account is looked up by primary key 1 and made the
    # owner of both the app and the blogpost.
    owner = db.session.query(User).get(1)
    owned_app = AppFactory.create(owner=owner)
    post = BlogpostFactory(owner=owner, app=owned_app)
    delete_url = "/app/%s/%s/delete" % (owned_app.short_name, post.id)
    expected_redirect = '/app/%s/blog' % owned_app.short_name

    response = self.app.post(delete_url, follow_redirects=True)

    assert response.status_code == 200, response.status_code
    mock_redirect.assert_called_with(expected_redirect)

    # Positive control for the forbidden/anonymous cases: here the row
    # really has to be gone.
    leftover = db.session.query(Blogpost).first()
    assert leftover is None, leftover
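def test_blogpost_update_by_non_owner(self):
    """Updating a blogpost of an app owned by someone else returns 403.

    Both the edit form (GET) and the submission (POST) must be refused,
    and none of the submitted fields may reach the stored blogpost.
    """
    user = self.create_users()[1]
    app = AppFactory.create(owner=user)
    blogpost = BlogpostFactory(owner=user, app=app, title='title')
    url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
    # Snapshot the stored body before any request so the final check
    # covers every field the POST submits, not only the title.
    original_body = blogpost.body

    # register() runs after the owner exists, so the requests below are
    # presumably sent as a different, freshly registered account --
    # confirm against the test base class.
    self.register()

    res = self.app.get(url, follow_redirects=True)
    assert res.status_code == 403, res.status_code

    res = self.app.post(url,
                        data={'title': 'new title', 'body': 'body'},
                        follow_redirects=True)
    assert res.status_code == 403, res.status_code

    # A 403 does not by itself prove that nothing was written; compare the
    # persisted row with its state before the request.
    blogpost = db.session.query(Blogpost).first()
    assert blogpost.title == 'title', blogpost.title
    assert blogpost.body == original_body, blogpost.body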
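def test_blogpost_update_by_anonymous(self):
    """Update requests sent without signing in end on the sign-in page.

    Both the edit form (GET) and the submission (POST) must lead to the
    sign-in prompt, and none of the submitted fields may reach the stored
    blogpost.
    """
    user = self.create_users()[1]
    app = AppFactory.create(owner=user)
    blogpost = BlogpostFactory(owner=user, app=app, title='title')
    url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
    # Snapshot the stored body before any request so the final check
    # covers every field the POST submits, not only the title.
    original_body = blogpost.body

    # No register() call precedes these requests, so they carry no session
    # created by this test.
    res = self.app.get(url, follow_redirects=True)
    # Redirects are followed, so 200 is the status of the final page; the
    # sign-in prompt in the body is what shows the request was bounced.
    assert res.status_code == 200, res.status_code
    assert "Please sign in to access this page" in res.data, res.data

    res = self.app.post(url,
                        data={'id': blogpost.id,
                              'title': 'new title',
                              'body': 'new body'},
                        follow_redirects=True)
    assert res.status_code == 200, res.status_code
    assert "Please sign in to access this page" in res.data

    # The sign-in page alone does not prove that nothing was written;
    # compare the persisted row with its state before the request.
    blogpost = db.session.query(Blogpost).first()
    assert blogpost.title == 'title', blogpost.title
    assert blogpost.body == original_body, blogpost.body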
def test_blogpost_update_by_owner(self, mock_redirect):
    """The app owner can open the edit form and save changes to a blogpost.

    mock_redirect is presumably injected by a patch decorator that is not
    visible in this excerpt -- confirm in the full file.
    """
    self.register()
    # The registered account is looked up by primary key 1 and made the
    # owner of both the app and the blogpost.
    owner = db.session.query(User).get(1)
    owned_app = AppFactory.create(owner=owner)
    post = BlogpostFactory(owner=owner, app=owned_app)
    update_url = "/app/%s/%s/update" % (owned_app.short_name, post.id)

    form_page = self.app.get(update_url, follow_redirects=True)
    assert form_page.status_code == 200, form_page.status_code

    payload = {'id': post.id,
               'title': 'blogpost title',
               'body': 'new body'}
    saved = self.app.post(update_url, data=payload, follow_redirects=True)
    assert saved.status_code == 200, saved.status_code
    mock_redirect.assert_called_with('/app/%s/blog' % owned_app.short_name)

    # Positive control for the forbidden/anonymous cases: here both
    # submitted fields have to be persisted.
    stored = db.session.query(Blogpost).first()
    assert stored.title == 'blogpost title', stored.title
    assert stored.body == 'new body', stored.body