def test_private_node_logged_out_user_cannot_see_deleted_comment(self):
self._set_up_private_project_with_comment()
comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_private_node_logged_out_user_cannot_see_deleted_comment(self):
self._set_up_private_project_with_comment()
comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_public_node_logged_out_user_cannot_view_deleted_file_comments(self):
self._set_up_public_project_with_file_comment()
comment = CommentFactory(node=self.public_project, target=self.public_file, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_logged_out_user_cannot_see_deleted_file_comment(self):
self._set_up_private_project_with_file_comment()
comment = CommentFactory(node=self.private_project, target=self.file, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.')
def test_private_node_contributor_cannot_see_other_users_deleted_file_comment(self):
self._set_up_private_project_with_file_comment()
comment = CommentFactory(node=self.private_project, target=self.file, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, auth=self.contributor.auth)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_public_node_non_contributor_cannot_view_other_users_deleted_comment(self):
public_project = ProjectFactory(is_public=True, creator=self.user)
comment = CommentFactory(node=public_project, target=public_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, auth=self.non_contributor.auth)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_only_logged_in_commenter_can_view_deleted_comment(self):
self._set_up_private_project_with_comment()
comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['attributes']['content'], comment.content)
def test_public_node_logged_out_user_cannot_view_deleted_comments(self):
public_project = ProjectFactory(is_public=True, creator=self.user)
comment = CommentFactory(node=public_project, target=public_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_contributor_cannot_see_other_users_deleted_comment(self):
self._set_up_private_project_with_comment()
comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user)
comment.is_deleted = True
comment.save()
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = self.app.get(url, auth=self.contributor.auth)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_only_logged_in_contributor_commenter_can_undelete_own_reply(self):
self._set_up_private_project_with_comment()
reply_target = Guid.load(self.comment._id)
reply = CommentFactory(node=self.private_project, target=reply_target, user=self.user)
reply_url = '/{}comments/{}/'.format(API_BASE, reply)
reply.is_deleted = True
reply.save()
payload = self._set_up_payload(reply._id, has_content=False)
res = self.app.patch_json_api(reply_url, payload, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_false(res.json['data']['attributes']['deleted'])
assert_equal(res.json['data']['attributes']['content'], reply.content)
def test_private_node_only_logged_in_contributor_commenter_can_undelete_own_reply(
self):
self._set_up_private_project_with_comment()
reply_target = Guid.load(self.comment._id)
reply = CommentFactory(node=self.private_project,
target=reply_target,
user=self.user)
reply_url = '/{}comments/{}/'.format(API_BASE, reply)
reply.is_deleted = True
reply.save()
payload = self._set_up_payload(reply._id, has_content=False)
res = self.app.patch_json_api(reply_url, payload, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_false(res.json['data']['attributes']['deleted'])
assert_equal(res.json['data']['attributes']['content'], reply.content)
