def setUp(self):
super().setUp()
self.owner_permission = IsOwnerOrReadOnly()
self.flag_enabled_permission = FlagEnabledPermission()
self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
self.factory = RequestFactory()
self.view = CommentList()
class FlagEnabledPermissionTest(BaseAPIPermissionsTest):
@classmethod
def setUpTestData(cls):
super().setUpTestData()
cls.request = cls.factory.get('/')
def setUp(self):
super().setUp()
self.permission = FlagEnabledPermission()
@patch.object(settings, 'COMMENT_FLAGS_ALLOWED', 0)
def test_flagging_disabled(self):
self.assertIs(False,
self.permission.has_permission(self.request, self.view))
@patch.object(settings, 'COMMENT_FLAGS_ALLOWED', 1)
def test_flagging_enabled(self):
self.assertIs(True,
self.permission.has_permission(self.request, self.view))
class APIPermissionsTest(APIBaseTest):
def setUp(self):
super().setUp()
self.owner_permission = IsOwnerOrReadOnly()
self.flag_enabled_permission = FlagEnabledPermission()
self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
self.factory = RequestFactory()
self.view = CommentList()
@classmethod
def setUpTestData(cls):
super().setUpTestData()
cls.flag_data = {
'reason': FlagInstanceManager.reason_values[0],
'info': '',
}
cls.create_flag_instance(cls.user_1, cls.comment_1, **cls.flag_data)
cls.create_flag_instance(cls.user_2, cls.comment_1, **cls.flag_data)
def test_owner_permission(self):
# self.client.login(username='******', password='******')
request = self.factory.get('/')
# get is in the safe methods
self.assertTrue(
self.owner_permission.has_object_permission(
request, self.view, self.comment_1))
# PUT method from different user
request = self.factory.put('/')
request.user = self.user_2
self.assertEqual(self.comment_1.user, self.user_1)
self.assertFalse(
self.owner_permission.has_object_permission(
request, self.view, self.comment_1))
# DELETE method from admin
request = self.factory.put('/')
request.user = self.admin
self.assertEqual(self.comment_1.user, self.user_1)
self.assertFalse(
self.owner_permission.has_object_permission(
request, self.view, self.comment_1))
# PUT method from same user
request = self.factory.put('/')
request.user = self.user_1
self.assertEqual(self.comment_1.user, self.user_1)
self.assertTrue(
self.owner_permission.has_object_permission(
request, self.view, self.comment_1))
def test_flag_enabled_permission(self):
request = self.factory.get('/')
settings.COMMENT_FLAGS_ALLOWED = 0
self.assertFalse(
self.flag_enabled_permission.has_permission(request, self.view))
settings.COMMENT_FLAGS_ALLOWED = 1
self.assertTrue(
self.flag_enabled_permission.has_permission(request, self.view))
def test_can_change_flagged_comment_state(self):
request = self.factory.get('/')
user = self.user_1
request.user = user # not moderator user
self.assertFalse(
self.can_change_flagged_comment_state.has_permission(
request, self.view))
user = self.moderator
request.user = user
self.assertTrue(
self.can_change_flagged_comment_state.has_permission(
request, self.view))
comment = self.comment_2
self.assertFalse(comment.is_flagged)
self.assertFalse(
self.can_change_flagged_comment_state.has_object_permission(
request, self.view, comment))
settings.COMMENT_FLAGS_ALLOWED = 1
self.set_flag(self.user_1, comment, **self.flag_data)
self.set_flag(self.user_2, comment, **self.flag_data)
self.assertTrue(comment.is_flagged)
self.assertTrue(
self.can_change_flagged_comment_state.has_object_permission(
request, self.view, comment))
request.user = self.user_1
self.assertFalse(
self.can_change_flagged_comment_state.has_object_permission(
request, self.view, comment))
class APIPermissionsTest(APIBaseTest):
def setUp(self):
super().setUp()
self.owner_permission = IsOwnerOrReadOnly()
self.content_type_permission = ContentTypePermission()
self.parent_permission = ParentIdPermission()
self.flag_enabled_permission = FlagEnabledPermission()
self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
self.factory = RequestFactory()
self.view = CommentList()
def test_owner_permission(self):
# self.client.login(username='******', password='******')
request = self.factory.get('/')
# get is in the safe methods
self.assertTrue(self.owner_permission.has_object_permission(request, self.view, self.comment_1))
# PUT method from different user
request = self.factory.put('/')
request.user = self.user_2
self.assertEqual(self.comment_1.user, self.user_1)
self.assertFalse(self.owner_permission.has_object_permission(request, self.view, self.comment_1))
# DELETE method from admin
request = self.factory.put('/')
request.user = self.admin
self.assertEqual(self.comment_1.user, self.user_1)
self.assertFalse(self.owner_permission.has_object_permission(request, self.view, self.comment_1))
# PUT method from same user
request = self.factory.put('/')
request.user = self.user_1
self.assertEqual(self.comment_1.user, self.user_1)
self.assertTrue(self.owner_permission.has_object_permission(request, self.view, self.comment_1))
def test_content_type_permission(self):
# missing model type
request = self.factory.get('/api/comments/')
self.assertFalse(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, 'model type must be provided')
# missing model id
request = self.factory.get('/api/comments/?type=post')
self.assertFalse(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, 'model id must be provided')
# not exist model type
request = self.factory.get('/api/comments/?type=not_exist&id=1')
self.assertFalse(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, 'this is not a valid model type')
# not exist model id
request = self.factory.get('/api/comments/?type=post&id=100')
self.assertFalse(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, 'this is not a valid id for this model')
# not integer model id
request = self.factory.get('/api/comments/?type=post&id=c')
self.assertFalse(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, 'type id must be an integer')
# success
self.content_type_permission = ContentTypePermission() # start fresh
request = self.factory.get('/api/comments/?type=post&id=1')
self.assertTrue(self.content_type_permission.has_permission(request, self.view))
self.assertEqual(self.content_type_permission.message, '')
def test_parent_id_permission(self):
# parent id not provided - user will be permitted and parent comment will be created
request = self.factory.get('/api/comments/create/?type=post&id=1')
self.assertTrue(self.parent_permission.has_permission(request, self.view))
self.assertEqual(self.parent_permission.message, '')
# parent id not int
request = self.factory.get('/api/comments/create/?type=post&id=1&parent_id=c')
self.assertFalse(self.parent_permission.has_permission(request, self.view))
self.assertEqual(self.parent_permission.message, 'the parent id must be an integer')
# parent id not exist
request = self.factory.get('/api/comments/create/?type=post&id=1&parent_id=100')
self.assertFalse(self.parent_permission.has_permission(request, self.view))
self.assertEqual(
self.parent_permission.message,
"this is not a valid id for a parent comment or the parent comment does NOT belong to this model object"
)
# parent id doesn't belong to the provided model type
request = self.factory.get('/api/comments/create/?type=post&id=2&parent_id=1')
self.assertFalse(self.parent_permission.has_permission(request, self.view))
self.assertEqual(
self.parent_permission.message,
"this is not a valid id for a parent comment or the parent comment does NOT belong to this model object"
)
# parent id = 0
request = self.factory.get('/api/comments/create/?type=post&id=2&parent_id=0')
self.assertTrue(self.parent_permission.has_permission(request, self.view))
def test_flag_enabled_permission(self):
request = self.factory.get('/')
settings.COMMENT_FLAGS_ALLOWED = 0
self.assertFalse(self.flag_enabled_permission.has_permission(request, self.view))
settings.COMMENT_FLAGS_ALLOWED = 1
self.assertTrue(self.flag_enabled_permission.has_permission(request, self.view))
def test_can_change_flagged_comment_state(self):
request = self.factory.get('/')
request.user = self.user_1 # not moderator user
self.assertFalse(self.can_change_flagged_comment_state.has_permission(request, self.view))
request.user = self.moderator
self.assertTrue(self.can_change_flagged_comment_state.has_permission(request, self.view))
self.assertFalse(self.comment_1.is_flagged)
self.assertFalse(
self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
)
flag_data = {
'reason': '1',
'info': None,
}
settings.COMMENT_FLAGS_ALLOWED = 1
self.create_flag_instance(self.user_1, self.comment_1, **flag_data)
self.create_flag_instance(self.user_2, self.comment_1, **flag_data)
self.assertTrue(self.comment_1.is_flagged)
self.assertTrue(
self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
)
request.user = self.user_1
self.assertFalse(
self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
)
def setUp(self):
super().setUp()
self.permission = FlagEnabledPermission()