def test_private_node_logged_out_user_cannot_see_deleted_comment(self): self._set_up_private_project_with_comment() comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, expect_errors=True) assert_equal(res.status_code, 401)
def test_private_node_logged_out_user_cannot_see_deleted_comment(self): self._set_up_private_project_with_comment() comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, expect_errors=True) assert_equal(res.status_code, 401)
def test_public_node_logged_out_user_cannot_view_deleted_file_comments(self): self._set_up_public_project_with_file_comment() comment = CommentFactory(node=self.public_project, target=self.public_file, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url) assert_equal(res.status_code, 200) assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_logged_out_user_cannot_see_deleted_file_comment(self): self._set_up_private_project_with_file_comment() comment = CommentFactory(node=self.private_project, target=self.file, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.')
def test_private_node_contributor_cannot_see_other_users_deleted_file_comment(self): self._set_up_private_project_with_file_comment() comment = CommentFactory(node=self.private_project, target=self.file, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, auth=self.contributor.auth) assert_equal(res.status_code, 200) assert_is_none(res.json['data']['attributes']['content'])
def test_public_node_non_contributor_cannot_view_other_users_deleted_comment(self): public_project = ProjectFactory(is_public=True, creator=self.user) comment = CommentFactory(node=public_project, target=public_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_only_logged_in_commenter_can_view_deleted_comment(self): self._set_up_private_project_with_comment() comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['content'], comment.content)
def test_public_node_logged_out_user_cannot_view_deleted_comments(self): public_project = ProjectFactory(is_public=True, creator=self.user) comment = CommentFactory(node=public_project, target=public_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url) assert_equal(res.status_code, 200) assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_contributor_cannot_see_other_users_deleted_comment(self): self._set_up_private_project_with_comment() comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user) comment.is_deleted = True comment.save() url = '/{}comments/{}/'.format(API_BASE, comment._id) res = self.app.get(url, auth=self.contributor.auth) assert_equal(res.status_code, 200) assert_is_none(res.json['data']['attributes']['content'])
def test_private_node_only_logged_in_contributor_commenter_can_undelete_own_reply(self): self._set_up_private_project_with_comment() reply_target = Guid.load(self.comment._id) reply = CommentFactory(node=self.private_project, target=reply_target, user=self.user) reply_url = '/{}comments/{}/'.format(API_BASE, reply) reply.is_deleted = True reply.save() payload = self._set_up_payload(reply._id, has_content=False) res = self.app.patch_json_api(reply_url, payload, auth=self.user.auth) assert_equal(res.status_code, 200) assert_false(res.json['data']['attributes']['deleted']) assert_equal(res.json['data']['attributes']['content'], reply.content)
def test_private_node_only_logged_in_contributor_commenter_can_undelete_own_reply( self): self._set_up_private_project_with_comment() reply_target = Guid.load(self.comment._id) reply = CommentFactory(node=self.private_project, target=reply_target, user=self.user) reply_url = '/{}comments/{}/'.format(API_BASE, reply) reply.is_deleted = True reply.save() payload = self._set_up_payload(reply._id, has_content=False) res = self.app.patch_json_api(reply_url, payload, auth=self.user.auth) assert_equal(res.status_code, 200) assert_false(res.json['data']['attributes']['deleted']) assert_equal(res.json['data']['attributes']['content'], reply.content)