예제 #1
0
파일: test_api.py 프로젝트: bigbeer/Comment
 def setUp(self):
     super().setUp()
     self.owner_permission = IsOwnerOrReadOnly()
     self.flag_enabled_permission = FlagEnabledPermission()
     self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
     self.factory = RequestFactory()
     self.view = CommentList()
예제 #2
0
class OwnerPermissionTest(BaseAPIPermissionsTest):
    def setUp(self):
        super().setUp()
        self.permission = IsOwnerOrReadOnly()

    def test_get_request(self):
        request = self.factory.get('/')

        self.assertTrue(
            self.permission.has_object_permission(request, self.view,
                                                  self.comment_1))

    def test_put_method_from_different_user(self):
        request = self.factory.put('/')
        request.user = self.user_2
        self.assertEqual(self.comment_1.user, self.user_1)

        self.assertFalse(
            self.permission.has_object_permission(request, self.view,
                                                  self.comment_1))

    def test_put_method_from_admin(self):
        request = self.factory.put('/')
        request.user = self.admin
        self.assertEqual(self.comment_1.user, self.user_1)

        self.assertFalse(
            self.permission.has_object_permission(request, self.view,
                                                  self.comment_1))

    def test_put_method_from_same_user(self):
        request = self.factory.put('/')
        request.user = self.user_1
        self.assertEqual(self.comment_1.user, self.user_1)

        self.assertTrue(
            self.permission.has_object_permission(request, self.view,
                                                  self.comment_1))
예제 #3
0
파일: test_api.py 프로젝트: bigbeer/Comment
class APIPermissionsTest(APIBaseTest):
    def setUp(self):
        super().setUp()
        self.owner_permission = IsOwnerOrReadOnly()
        self.flag_enabled_permission = FlagEnabledPermission()
        self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
        self.factory = RequestFactory()
        self.view = CommentList()

    @classmethod
    def setUpTestData(cls):
        super().setUpTestData()
        cls.flag_data = {
            'reason': FlagInstanceManager.reason_values[0],
            'info': '',
        }
        cls.create_flag_instance(cls.user_1, cls.comment_1, **cls.flag_data)
        cls.create_flag_instance(cls.user_2, cls.comment_1, **cls.flag_data)

    def test_owner_permission(self):
        # self.client.login(username='******', password='******')
        request = self.factory.get('/')
        # get is in the safe methods
        self.assertTrue(
            self.owner_permission.has_object_permission(
                request, self.view, self.comment_1))

        # PUT method from different user
        request = self.factory.put('/')
        request.user = self.user_2
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertFalse(
            self.owner_permission.has_object_permission(
                request, self.view, self.comment_1))

        # DELETE method from admin
        request = self.factory.put('/')
        request.user = self.admin
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertFalse(
            self.owner_permission.has_object_permission(
                request, self.view, self.comment_1))

        # PUT method from same user
        request = self.factory.put('/')
        request.user = self.user_1
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertTrue(
            self.owner_permission.has_object_permission(
                request, self.view, self.comment_1))

    def test_flag_enabled_permission(self):
        request = self.factory.get('/')
        settings.COMMENT_FLAGS_ALLOWED = 0
        self.assertFalse(
            self.flag_enabled_permission.has_permission(request, self.view))
        settings.COMMENT_FLAGS_ALLOWED = 1
        self.assertTrue(
            self.flag_enabled_permission.has_permission(request, self.view))

    def test_can_change_flagged_comment_state(self):
        request = self.factory.get('/')
        user = self.user_1
        request.user = user  # not moderator user
        self.assertFalse(
            self.can_change_flagged_comment_state.has_permission(
                request, self.view))

        user = self.moderator
        request.user = user
        self.assertTrue(
            self.can_change_flagged_comment_state.has_permission(
                request, self.view))

        comment = self.comment_2
        self.assertFalse(comment.is_flagged)
        self.assertFalse(
            self.can_change_flagged_comment_state.has_object_permission(
                request, self.view, comment))
        settings.COMMENT_FLAGS_ALLOWED = 1
        self.set_flag(self.user_1, comment, **self.flag_data)
        self.set_flag(self.user_2, comment, **self.flag_data)
        self.assertTrue(comment.is_flagged)
        self.assertTrue(
            self.can_change_flagged_comment_state.has_object_permission(
                request, self.view, comment))

        request.user = self.user_1
        self.assertFalse(
            self.can_change_flagged_comment_state.has_object_permission(
                request, self.view, comment))
예제 #4
0
class APIPermissionsTest(APIBaseTest):
    def setUp(self):
        super().setUp()
        self.owner_permission = IsOwnerOrReadOnly()
        self.content_type_permission = ContentTypePermission()
        self.parent_permission = ParentIdPermission()
        self.flag_enabled_permission = FlagEnabledPermission()
        self.can_change_flagged_comment_state = CanChangeFlaggedCommentState()
        self.factory = RequestFactory()
        self.view = CommentList()

    def test_owner_permission(self):
        # self.client.login(username='******', password='******')
        request = self.factory.get('/')
        # get is in the safe methods
        self.assertTrue(self.owner_permission.has_object_permission(request, self.view, self.comment_1))

        # PUT method from different user
        request = self.factory.put('/')
        request.user = self.user_2
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertFalse(self.owner_permission.has_object_permission(request, self.view, self.comment_1))

        # DELETE method from admin
        request = self.factory.put('/')
        request.user = self.admin
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertFalse(self.owner_permission.has_object_permission(request, self.view, self.comment_1))

        # PUT method from same user
        request = self.factory.put('/')
        request.user = self.user_1
        self.assertEqual(self.comment_1.user, self.user_1)
        self.assertTrue(self.owner_permission.has_object_permission(request, self.view, self.comment_1))

    def test_content_type_permission(self):
        # missing model type
        request = self.factory.get('/api/comments/')
        self.assertFalse(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, 'model type must be provided')

        # missing model id
        request = self.factory.get('/api/comments/?type=post')
        self.assertFalse(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, 'model id must be provided')

        # not exist model type
        request = self.factory.get('/api/comments/?type=not_exist&id=1')
        self.assertFalse(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, 'this is not a valid model type')

        # not exist model id
        request = self.factory.get('/api/comments/?type=post&id=100')
        self.assertFalse(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, 'this is not a valid id for this model')

        # not integer model id
        request = self.factory.get('/api/comments/?type=post&id=c')
        self.assertFalse(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, 'type id must be an integer')

        # success
        self.content_type_permission = ContentTypePermission()  # start fresh
        request = self.factory.get('/api/comments/?type=post&id=1')
        self.assertTrue(self.content_type_permission.has_permission(request, self.view))
        self.assertEqual(self.content_type_permission.message, '')

    def test_parent_id_permission(self):
        # parent id not provided - user will be permitted and parent comment will be created
        request = self.factory.get('/api/comments/create/?type=post&id=1')
        self.assertTrue(self.parent_permission.has_permission(request, self.view))
        self.assertEqual(self.parent_permission.message, '')

        # parent id not int
        request = self.factory.get('/api/comments/create/?type=post&id=1&parent_id=c')
        self.assertFalse(self.parent_permission.has_permission(request, self.view))
        self.assertEqual(self.parent_permission.message, 'the parent id must be an integer')

        # parent id not exist
        request = self.factory.get('/api/comments/create/?type=post&id=1&parent_id=100')
        self.assertFalse(self.parent_permission.has_permission(request, self.view))
        self.assertEqual(
            self.parent_permission.message,
            "this is not a valid id for a parent comment or the parent comment does NOT belong to this model object"
        )

        # parent id doesn't belong to the provided model type
        request = self.factory.get('/api/comments/create/?type=post&id=2&parent_id=1')
        self.assertFalse(self.parent_permission.has_permission(request, self.view))
        self.assertEqual(
            self.parent_permission.message,
            "this is not a valid id for a parent comment or the parent comment does NOT belong to this model object"
        )

        # parent id = 0
        request = self.factory.get('/api/comments/create/?type=post&id=2&parent_id=0')
        self.assertTrue(self.parent_permission.has_permission(request, self.view))

    def test_flag_enabled_permission(self):
        request = self.factory.get('/')
        settings.COMMENT_FLAGS_ALLOWED = 0
        self.assertFalse(self.flag_enabled_permission.has_permission(request, self.view))
        settings.COMMENT_FLAGS_ALLOWED = 1
        self.assertTrue(self.flag_enabled_permission.has_permission(request, self.view))

    def test_can_change_flagged_comment_state(self):
        request = self.factory.get('/')
        request.user = self.user_1  # not moderator user
        self.assertFalse(self.can_change_flagged_comment_state.has_permission(request, self.view))

        request.user = self.moderator
        self.assertTrue(self.can_change_flagged_comment_state.has_permission(request, self.view))

        self.assertFalse(self.comment_1.is_flagged)
        self.assertFalse(
            self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
        )

        flag_data = {
            'reason': '1',
            'info': None,
        }
        settings.COMMENT_FLAGS_ALLOWED = 1
        self.create_flag_instance(self.user_1, self.comment_1, **flag_data)
        self.create_flag_instance(self.user_2, self.comment_1, **flag_data)
        self.assertTrue(self.comment_1.is_flagged)
        self.assertTrue(
            self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
        )

        request.user = self.user_1
        self.assertFalse(
            self.can_change_flagged_comment_state.has_object_permission(request, self.view, self.comment_1)
        )
예제 #5
0
 def setUp(self):
     super().setUp()
     self.permission = IsOwnerOrReadOnly()