def handle(self, *args, **options):
count = 100000
for i in xrange(count):
lradius = random.uniform(0.1, 0.8)
lat = random.uniform(-85, 85)
lng = random.uniform(-175, 175)
north_east = Point(lng + lradius, lat - lradius)
south_west = Point(lng - lradius, lat + lradius)
center = Point(lng, lat)
radius = lradius * 111131 # length of lng degree on 45 lat
polygon = Polygon((
(north_east.x, north_east.y),
(north_east.x, south_west.y),
(south_west.x, south_west.y),
(south_west.x, north_east.y),
(north_east.x, north_east.y)
))
is_circle = random.randint(0,1) == 1
region = Region(
name="region_num_%s" % i,
north_east =north_east,
south_west=south_west,
polygon=polygon,
radius=radius,
center=center,
is_circle=is_circle,
)
percents = (float(i) / float(count)) * 100
sys.stdout.write("Completeness: %3d%%\r" % percents)
sys.stdout.flush()
region.save()
def handle(self, *args, **options):
path = pathjoin(
dirname(__file__),
pardir, pardir,
'azavea-geo-data',
'Neighborhoods_Philadelphia',
'Neighborhoods_Philadelphia.shp')
shapefile = gdal.DataSource(path)
for layer in shapefile:
for feature in layer:
try:
region = Region.objects.get(
layer='neighborhoods',
name=feature.get('listname'))
print 'Updating "%s"' % region.name
except Region.DoesNotExist:
region = Region(
layer='neighborhoods',
name=feature.get('listname'))
print 'Loading "%s"' % region.name
# Transform the projection from 102729 (NAD 1983 StatePlane
# Pennsylvania South FIPS 3702 Feet) to 4326 (WSG 1984).
#
# Source: http://svn.osgeo.org/postgis/tags/0.7.4/spatial_ref_sys.sql
region.shape = feature.geom.geos
region.shape.srid = 102729
region.shape.transform(4326)
region.save()
def setUp(self):
self.regions = []
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
class RegionPermissionTests(TestCase):
def setUp(self):
self.regions = []
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.philip = User(username="******", email="*****@*****.**")
self.philip.save()
self.marina = User(username="******", email="*****@*****.**")
self.marina.save()
# Philip admin of SF
self.sf.regionsettings.admins.add(self.philip)
# Marina admin of Oakland
self.oak.regionsettings.admins.add(self.marina)
def test_banned_cant_edit(self):
# Add Marina to the SF banned list
banned_sf, created = BannedFromRegion.objects.get_or_create(region=self.sf)
banned_sf.users.add(self.marina)
p = Page(name="In sf", region=self.sf)
self.assertFalse(self.marina.has_perm('pages.change_page', p))
mapdata = MapData(page=p, region=self.sf)
self.assertFalse(self.marina.has_perm('maps.change_map', mapdata))
redirect = Redirect(source="testsource", destination=p, region=self.sf)
self.assertFalse(self.marina.has_perm('redirects.change_redirect', redirect))
def handle(self, *args, **options):
path = pathjoin(dirname(__file__), pardir, pardir, 'azavea-geo-data',
'Neighborhoods_Philadelphia',
'Neighborhoods_Philadelphia.shp')
shapefile = gdal.DataSource(path)
for layer in shapefile:
for feature in layer:
try:
region = Region.objects.get(layer='neighborhoods',
name=feature.get('listname'))
print 'Updating "%s"' % region.name
except Region.DoesNotExist:
region = Region(layer='neighborhoods',
name=feature.get('listname'))
print 'Loading "%s"' % region.name
# Transform the projection from 102729 (NAD 1983 StatePlane
# Pennsylvania South FIPS 3702 Feet) to 4326 (WSG 1984).
#
# Source: http://svn.osgeo.org/postgis/tags/0.7.4/spatial_ref_sys.sql
region.shape = feature.geom.geos
region.shape.srid = 102729
region.shape.transform(4326)
region.save()
def setUp(self):
super(AuthenticationAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
# Create auth token for the edit user
self.token = Token.objects.get_or_create(user=self.edit_user)[0]
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
def setUp(self):
from regions.models import Region
from pages.models import Page
from tags.models import Tag, PageTagSet
self.factory = RequestFactory()
# Create a new region and associate a domain with it
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.sf.regionsettings.domain = 'fakename.org'
self.sf.regionsettings.save()
self.user = User.objects.create_user(
username='******', email='*****@*****.**', password='******')
self.user.save()
# Create a page in the SF region
p = Page(name='Parks', content='<p>Hi</p>', region=self.sf)
p.save(user=self.user)
p.content += "!"
p.save(user=self.user)
# Add a tag to the page
t = Tag(name='park', slug='park', region=self.sf)
t.save(user=self.user)
pts = PageTagSet(region=self.sf, page=p)
pts.save(user=self.user)
pts.tags.add(t)
pts.save(user=self.user)
class XSSTest(TestCase):
""" Test for tricky attempts to inject scripts into a page
Exploits adapted from http://ha.ckers.org/xss.html
"""
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
def encode_hex_entities(self, string):
return ''.join('&#x%02X;' % ord(c) for c in string)
def encode_decimal_entities(self, string):
return ''.join('&#%i' % ord(c) for c in string)
def test_encode_hex_entities(self):
encoded = self.encode_hex_entities('\'\';!--"<XSS>=&{()}')
self.assertEqual(
encoded, ''';!--"'
'<XSS>=&'
'{()}')
def test_encode_decimal_entities(self):
encoded = self.encode_decimal_entities('\'\';!--"<XSS>=&{()}')
self.assertEqual(
encoded, ''';!--"<XS'
'S>=&{()}')
def test_xss_all(self):
for exploit in xss_exploits:
for e in [exploit, exploit.lower(), exploit.upper()]:
self.failIf(self.is_exploitable(e), 'XSS exploit: ' + e)
hex = self.encode_hex_entities(e)
self.failIf(self.is_exploitable(hex), 'XSS exploit hex: ' + e)
dec = self.encode_decimal_entities(e)
self.failIf(self.is_exploitable(dec), 'XSS exploit dec: ' + e)
def is_exploitable(self, exploit):
p = Page(name='XSS Test', content=exploit, region=self.region)
p.clean_fields()
t = Template(html_to_template_text(p.content, {'region': self.region}))
html = t.render(Context())
return self.contains_script(html)
def contains_script(self, html):
fragments = fragments_fromstring(html)
for frag in fragments:
if not hasattr(frag, 'tag'):
continue
for e in frag.iter():
if e.tag.lower() == 'script' or e.tag.lower() == 'xss':
return True
for a, v in e.attrib.items():
if a.lower().startswith('on'):
# event handler
return True
if v.lower().startswith('jav'):
# script protocol
return True
return False
class XSSTest(TestCase):
""" Test for tricky attempts to inject scripts into a page
Exploits adapted from http://ha.ckers.org/xss.html
"""
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
def encode_hex_entities(self, string):
return''.join('&#x%02X;' % ord(c) for c in string)
def encode_decimal_entities(self, string):
return''.join('&#%i' % ord(c) for c in string)
def test_encode_hex_entities(self):
encoded = self.encode_hex_entities('\'\';!--"<XSS>=&{()}')
self.assertEqual(encoded, ''';!--"'
'<XSS>=&'
'{()}')
def test_encode_decimal_entities(self):
encoded = self.encode_decimal_entities('\'\';!--"<XSS>=&{()}')
self.assertEqual(encoded, ''';!--"<XS'
'S>=&{()}')
def test_xss_all(self):
for exploit in xss_exploits:
for e in [exploit, exploit.lower(), exploit.upper()]:
self.failIf(self.is_exploitable(e), 'XSS exploit: ' + e)
hex = self.encode_hex_entities(e)
self.failIf(self.is_exploitable(hex), 'XSS exploit hex: ' + e)
dec = self.encode_decimal_entities(e)
self.failIf(self.is_exploitable(dec), 'XSS exploit dec: ' + e)
def is_exploitable(self, exploit):
p = Page(name='XSS Test', content=exploit, region=self.region)
p.clean_fields()
t = Template(html_to_template_text(p.content, {'region': self.region}))
html = t.render(Context())
return self.contains_script(html)
def contains_script(self, html):
fragments = fragments_fromstring(html)
for frag in fragments:
if not hasattr(frag, 'tag'):
continue
for e in frag.iter():
if e.tag.lower() == 'script' or e.tag.lower() == 'xss':
return True
for a, v in e.attrib.items():
if a.lower().startswith('on'):
# event handler
return True
if v.lower().startswith('jav'):
# script protocol
return True
return False
def setUp(self):
super(FileAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
pf = PageFile(name="file.txt",
slug='duboce park',
region=self.sf_region)
pf.save()
pf.file.save('file.txt', ContentFile('foo'))
pf = PageFile(name="file_other.txt",
slug='duboce park',
region=self.sf_region)
pf.save()
pf.file.save('file_other.txt', ContentFile('foo2'))
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
self.old_allowed_src = getattr(settings, 'EMBED_ALLOWED_SRC', ['.*'])
settings.EMBED_ALLOWED_SRC = [
'http://www.youtube.com/embed/.*',
'http://player.vimeo.com/video/.*'
]
class RedirectTest(TestCase):
def setUp(self):
self.region = Region(full_name="Test Region", slug="test_region")
self.region.save()
def test_redirect_to_self(self):
p = Page(name="foobar", content="<p>foobar</p>", region=self.region)
p.save()
r = Redirect(source='foobar', destination=p, region=self.region)
self.assertRaises(exceptions.RedirectToSelf, r.save)
def setUp(self):
super(PageAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
t1 = Tag(name='lake')
t1.save()
t2 = Tag(name='water')
t2.save()
pts = PageTagSet(page=p, region=self.sf_region)
pts.save()
pts.tags = [t1, t2]
def test_fix_tags(self):
"""
Test the `fix_tags` utility function.
"""
from pages.models import Page
from tags.tag_utils import fix_tags
#########################
# Create some test regions
#########################
sf = Region(full_name="San Francisco Test", slug='sftest')
sf.save()
mission = Region(full_name="Mission", slug="mission")
mission.save()
#########################
# Create some test tags
#########################
park = Tag(name='park', region=sf)
park.save()
fun = Tag(name='fun', region=sf)
fun.save()
#########################
# Add the tags to a test page
#########################
page = Page(name="Duboce Park", content="<p>Park.</p>", region=sf)
page.save()
pts = PageTagSet(
page=page,
region=sf
)
pts.save()
pts.tags.add(park)
pts.tags.add(fun)
pts.save()
# Now do something odd and make one of the referenced `Tag`s point
# to a different region than the PageTagSet.
fun.region = mission
fun.save()
self.assertTrue(pts.tags.filter(region=mission).exists())
# Then attempt a fix:
fix_tags(sf, PageTagSet.objects.filter(id=pts.id))
pts = PageTagSet.objects.get(page=page, region=sf)
self.assertFalse(pts.tags.filter(region=mission).exists())
# Check that this is fixed in historical versions as well
for pts_h in pts.versions.all():
self.assertFalse(pts_h.tags.filter(region=mission).exists())
def setUp(self):
super(FileAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
pf = PageFile(name="file.txt", slug='duboce park', region=self.sf_region)
pf.save()
pf.file.save('file.txt', ContentFile('foo'))
pf = PageFile(name="file_other.txt", slug='duboce park', region=self.sf_region)
pf.save()
pf.file.save('file_other.txt', ContentFile('foo2'))
def setUp(self):
super(PageAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
t1 = Tag(name='lake')
t1.save()
t2 = Tag(name='water')
t2.save()
pts = PageTagSet(page=p, region=self.sf_region)
pts.save()
pts.tags = [t1, t2]
class CompleteListFilter(django_filters.FilterSet):
complete = django_filters.ChoiceFilter(
label="Complete",
method="filter_complete",
choices=(
("1", "Complete"),
("0", "Incomplete"),
("", "All"),
),
)
region = django_filters.ChoiceFilter(label="Region",
choices=Region.region_choices(),
method="filter_region")
class Meta:
model = PledgeProgram # This is needed to automatically make year/term
fields = ["region", "year", "term", "complete"]
order_by = ["chapter"]
def filter_complete(self, queryset, field_name, value):
return queryset
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(chapter__candidate_chapter=True)
else:
queryset = queryset.filter(chapter__region__slug=value)
return queryset
class GearArticleListFilter(django_filters.FilterSet):
region = django_filters.ChoiceFilter(
label="Region", choices=Region.region_choices(), method="filter_region"
)
chapter = django_filters.ChoiceFilter(
label="Chapter", choices=Chapter.chapter_choices(), method="filter_chapter"
)
date = DateRangeFilter(label="Submit Date")
class Meta:
fields = ["region", "chapter", "reviewed", "date"]
model = GearArticle
order_by = ["chapter"]
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(chapter__candidate_chapter=True)
else:
queryset = queryset.filter(chapter__region__slug=value)
return queryset
def filter_chapter(self, queryset, field_name, value):
if value:
queryset = queryset.filter(submission__chapter__slug=value)
return queryset
class AdvisorListFilter(django_filters.FilterSet):
region = django_filters.ChoiceFilter(choices=Region.region_choices(),
method="filter_region")
chapter = django_filters.ChoiceFilter(
label="Chapter",
choices=Chapter.chapter_choices(),
method="filter_chapter",
)
class Meta:
model = User
fields = {
"name": ["icontains"],
"chapter": ["exact"],
}
order_by = ["name"]
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(chapter__candidate_chapter=True)
else:
queryset = queryset.filter(chapter__region__slug=value)
return queryset
def get_context_data(self, **kwargs):
ctx = super(UserRegionMixin, self).get_context_data(**kwargs)
regions = Region.get_user_count_by_region()
ctx['regions'] = regions
ctx['total_users'] = sum(
[region['users__count'] for region in regions])
return ctx
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
self.old_allowed_src = getattr(settings, 'EMBED_ALLOWED_SRC', ['.*'])
settings.EMBED_ALLOWED_SRC = ['http://www.youtube.com/embed/.*',
'http://player.vimeo.com/video/.*']
class AuthenticationAPITests(APITestCase):
def setUp(self):
super(AuthenticationAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
# Create auth token for the edit user
self.token = Token.objects.get_or_create(user=self.edit_user)[0]
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
def test_basic_page_post(self):
# Without authentication, a POST should fail
data = {'name': 'Test Page', 'content': '<p>hi</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_401_UNAUTHORIZED)
# Now try with an API token, which should work
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
data = {'name': 'Test Page', 'content': '<p>hi</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
# Now check to make sure the page version was edited by the user associated with the API token
p = Page.objects.get(region=self.sf_region, name="Test Page")
self.assertEqual(p.versions.most_recent().version_info.user, self.edit_user)
def setUp(self):
self.regions = []
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.philip = User(username="******", email="*****@*****.**")
self.philip.save()
self.marina = User(username="******", email="*****@*****.**")
self.marina.save()
# Philip admin of SF
self.sf.regionsettings.admins.add(self.philip)
# Marina admin of Oakland
self.oak.regionsettings.admins.add(self.marina)
def setUp(self):
super(RedirectAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.dolores_park = Page(name="Dolores Park", content="<p>Hi</p>", region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park", content="<p>Hi</p>", region=self.sf)
self.duboce_park.save()
self.mission_dolores_park = Redirect(
source="mission dolores park",
destination=self.dolores_park,
region=self.sf
)
self.mission_dolores_park.save()
self.dog_park = Redirect(
source="dog park",
destination=self.duboce_park,
region=self.sf
)
self.dog_park.save()
def atomicEmployeeAndOrder(request):
if request.POST.get("atomic", ""):
region = Region(pk = 5, regiondescription = "Polska");
region.save();
category = Category(categoryname="computers", description="super");
category.save();
if request.POST.get("savepoints", ""):
region = Region(pk = 5, regiondescription = "Polska");
region.save()
try:
spoint = transaction.savepoint()
category = Category(categoryname="computers", description="super")
category.save();
raise Exception("I know python!")
transaction.savepoint_commit(spoint)
except Exception:
transaction.savepoint_rollback(spoint)
return render_to_response("atomic.html",
locals(),
context_instance=RequestContext(request))
def create_superuser(self, email, password, **extra_fields):
chapter = Chapter.objects.first()
if chapter is None:
# this would happen on first install; make a default test region/chapter
from regions.models import Region
region = Region.objects.first()
if region is None:
Region(name="Test Region").save()
region = Region.objects.first()
Chapter(name="Test Chapter", region=region).save()
chapter = Chapter.objects.first()
extra_fields.setdefault("chapter", chapter)
super().create_superuser(email=email,
password=password,
**extra_fields)
def __init__(self, *args, **kwargs):
natoff = kwargs.get("natoff", False)
if natoff:
kwargs.pop("natoff")
self.base_filters["region"] = django_filters.ChoiceFilter(
choices=Region.region_choices(), method="filter_region"
)
self.base_filters["chapter"] = django_filters.ChoiceFilter(
label="Chapter",
choices=Chapter.chapter_choices(),
method="filter_chapter",
)
self.base_filters["pictures"] = django_filters.ChoiceFilter(
label="Pictures",
choices=((True, "1+"), (False, "None")),
method="filter_pictures",
)
super().__init__(*args, **kwargs)
class ChapterBalanceListFilter(django_filters.FilterSet):
region = django_filters.ChoiceFilter(label="Region",
choices=Region.region_choices(),
method="filter_region")
class Meta:
model = Invoice
fields = [
"region",
]
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(candidate_chapter=True)
else:
queryset = queryset.filter(region_slug=value)
return queryset
class BallotCompleteFilter(django_filters.FilterSet):
region = django_filters.ChoiceFilter(
label="Region", choices=Region.region_choices(), method="filter_region"
)
class Meta:
model = BallotComplete
fields = [
"region",
"motion",
]
order_by = ["ballot__due_date"]
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(user__chapter__candidate_chapter=True)
else:
queryset = queryset.filter(user__chapter__region__slug=value)
return queryset
class CanonicalURLTests(TestCase):
def has_canonical_url(self, url, request, response):
from phased.middleware import PhasedRenderMiddleware
phased_middleware = PhasedRenderMiddleware()
response = phased_middleware.process_response(request, response)
doc = document_fromstring(response.content)
canonical_urls = doc.findall('.//link[@rel="canonical"]')
if len(canonical_urls) != 1:
return False
return (canonical_urls[0].attrib['href'] == url)
def setUp(self):
from regions.models import Region
from pages.models import Page
from tags.models import Tag, PageTagSet
self.factory = RequestFactory()
# Create a new region and associate a domain with it
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.sf.regionsettings.domain = 'fakename.org'
self.sf.regionsettings.save()
self.user = User.objects.create_user(
username='******', email='*****@*****.**', password='******')
self.user.save()
# Create a page in the SF region
p = Page(name='Parks', content='<p>Hi</p>', region=self.sf)
p.save(user=self.user)
p.content += "!"
p.save(user=self.user)
# Add a tag to the page
t = Tag(name='park', slug='park', region=self.sf)
t.save(user=self.user)
pts = PageTagSet(region=self.sf, page=p)
pts.save(user=self.user)
pts.tags.add(t)
pts.save(user=self.user)
@contextmanager
def mock_hosts_middleware(self, request):
# This is certainly rather annoying, but needed because
# we have to reload everything as we're changing settings
# dynamically.
import django_hosts
reload(django_hosts)
import main.hosts
reload(main.hosts)
import django_hosts.reverse
reload(django_hosts.reverse)
import django_hosts.middleware
reload(django_hosts.middleware)
from django_hosts.middleware import BaseHostsMiddleware
current_urlconf = get_urlconf() or settings.ROOT_URLCONF
middleware = BaseHostsMiddleware()
host, kwargs = middleware.get_host(request.get_host())
request.urlconf = host.urlconf
request.host = host
set_urlconf(host.urlconf)
# Annddd we also need to render the phased template response, too! Whew.
yield
set_urlconf(current_urlconf)
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_front_page(self):
from frontpage.views import FrontPageView
from django_hosts.middleware import HostsMiddlewareRequest
#####################################################
# Just the default / page in a custom domain region
#####################################################
request = self.factory.get('/')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = FrontPageView.as_view()
response = view(request)
canonical_url = 'https://%s/sf/' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# The /Front_Page page in a custom domain region.
#####################################################
request = self.factory.get('/Front_Page')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = FrontPageView.as_view()
response = view(request)
canonical_url = 'https://%s/sf/' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# The /Front_Page page on the main host inside region
#####################################################
request = self.factory.get('/sf/Front_Page')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = FrontPageView.as_view()
response = view(request, region='sf')
canonical_url = '/sf/'
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# The /FRONT_pAgE (changed capitalization)
#####################################################
request = self.factory.get('/sf/FRONT_pAgE')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = FrontPageView.as_view()
response = view(request, region='sf')
canonical_url = '/sf/'
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_page_names(self):
from pages.views import PageDetailView
from pages.urls import slugify
from django_hosts.middleware import HostsMiddlewareRequest
#####################################################
# A regular page on a custom domain
#####################################################
request = self.factory.get('/Parks')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageDetailView.as_view())
response = view(request, slug='Parks')
canonical_url = 'https://%s/sf/Parks' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Now let's try it with an alternative capitalization
#####################################################
request = self.factory.get('/PArkS')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageDetailView.as_view())
response = view(request, slug='PArkS')
canonical_url = 'https://%s/sf/Parks' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Regular page viewing directly on the main host
#####################################################
request = self.factory.get('/sf/Parks')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageDetailView.as_view())
response = view(request, slug='Parks', region='sf')
response.render()
# Directly on the canonical url, so it shouldn't be rendered
self.assertFalse(self.has_canonical_url('', request, response))
#####################################################
# Capitalization variant viewed on the main host
#####################################################
request = self.factory.get('/sf/PArks')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageDetailView.as_view())
response = view(request, slug='PArks', region='sf')
canonical_url = '/sf/Parks'
response.render()
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_search(self):
from search.urls import haystack_search, global_search
from django_hosts.middleware import HostsMiddlewareRequest
#####################################################
# Search page on custom domain
#####################################################
request = self.factory.get('/_rsearch/?q=parks')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = haystack_search
response = view(request)
canonical_url = 'https://%s/_rsearch/sf?q=parks' % settings.MAIN_HOSTNAME
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Search page on main domain
#####################################################
request = self.factory.get('/_rsearch/sf?q=parks')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = haystack_search
response = view(request, region='sf')
canonical_url = ''
# On host, so no canonical url
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_activity(self):
from activity.views import RegionActivity
#####################################################
# Activity page on custom domain
#####################################################
request = self.factory.get('/_activity')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = RegionActivity.as_view()
response = view(request)
canonical_url = 'https://%s/sf/_activity' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Activity page on normal region
#####################################################
request = self.factory.get('/sf/_activity')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = RegionActivity.as_view()
response = view(request, region='sf')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_map(self):
from maps.views import MapFullRegionView
#####################################################
# Main map on custom domain
#####################################################
request = self.factory.get('/map/')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = MapFullRegionView.as_view()
response = view(request)
canonical_url = 'https://%s/sf/map/' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Main map on normal region
#####################################################
request = self.factory.get('/sf/map/')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = MapFullRegionView.as_view()
response = view(request, region='sf')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_tags(self):
from tags.views import TaggedList
#####################################################
# List of tagged pages on custom domain
#####################################################
request = self.factory.get('/tags/park')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = TaggedList.as_view()
response = view(request, slug='park')
canonical_url = 'https://%s/sf/tags/park' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Main map on normal region
#####################################################
request = self.factory.get('/sf/tags/park')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = TaggedList.as_view()
response = view(request, slug='park', region='sf')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_map_for_tags(self):
from maps.views import MapForTag
#####################################################
# Map of tagged pages on custom domain
#####################################################
request = self.factory.get('/map/tags/park')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = MapForTag.as_view()
response = view(request, tag='park')
canonical_url = 'https://%s/sf/map/tags/park' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Main map on normal region
#####################################################
request = self.factory.get('/sf/map/tags/park')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = MapForTag.as_view()
response = view(request, tag='park', region='sf')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_page_info(self):
from pages.urls import slugify
from pages.views import PageVersionsList
#####################################################
# Page info on custom domain
#####################################################
request = self.factory.get('/Parks/_history/')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageVersionsList.as_view())
response = view(request, slug='Parks')
canonical_url = 'https://%s/sf/Parks/_history/' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Main map on normal region
#####################################################
request = self.factory.get('/sf/Parks/_history/')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = slugify(PageVersionsList.as_view())
response = view(request, slug='Parks', region='sf')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
@override_settings(CUSTOM_HOSTNAMES=['fakename.org'])
def test_canonical_page_diff(self):
from pages.urls import slugify
from pages.views import PageCompareView
#####################################################
# Page diff on custom domain
#####################################################
request = self.factory.get('/Parks/_history/2...1')
request.user = self.user
request.META['HTTP_HOST'] = self.sf.regionsettings.domain
with self.mock_hosts_middleware(request):
view = slugify(PageCompareView.as_view())
response = view(request, slug='Parks', version1='2', version2='1')
canonical_url = 'https://%s/sf/Parks/_history/2...1' % settings.MAIN_HOSTNAME
response.render()
self.assertTrue(self.has_canonical_url(canonical_url, request, response))
#####################################################
# Page diff on a normal region
#####################################################
request = self.factory.get('/sf/Parks/_history/2...1')
request.user = self.user
request.META['HTTP_HOST'] = settings.MAIN_HOSTNAME
with self.mock_hosts_middleware(request):
view = slugify(PageCompareView.as_view())
response = view(request, slug='Parks', region='sf', version1='2', version2='1')
canonical_url = ''
response.render()
# No canonical URL emitted
self.assertFalse(self.has_canonical_url(canonical_url, request, response))
def setUp(self):
self.region = Region(full_name="Test Region", slug="test_region")
self.region.save()
def setUp(self):
super(MapAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.golden_gate_park = Page(name="Golden Gate Park", content="<p>Hi</p>", region=self.sf)
self.golden_gate_park.save()
self.dolores_park = Page(name="Dolores Park", content="<p>Hi</p>", region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park", content="<p>Hi</p>", region=self.sf)
self.duboce_park.save()
self.dolores_park_map = MapData(page=self.dolores_park, region=self.sf)
self.dolores_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}""")
self.dolores_park_map.save()
self.duboce_park_map = MapData(page=self.duboce_park, region=self.sf)
self.duboce_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.43505239486696,
37.770443352285376
],
[
-122.43490219116211,
37.76917121614543
],
[
-122.431640625,
37.769408683219545
],
[
-122.43179082870485,
37.76991753866766
],
[
-122.43460178375243,
37.769713996908635
],
[
-122.43505239486696,
37.770443352285376
]
]
]
}
]
}
""")
self.duboce_park_map.save()
class PageAPITests(APITestCase):
def setUp(self):
super(PageAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
t1 = Tag(name='lake')
t1.save()
t2 = Tag(name='water')
t2.save()
pts = PageTagSet(page=p, region=self.sf_region)
pts.save()
pts.tags = [t1, t2]
def test_basic_page_list(self):
response = self.client.get('%s/pages/' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 3)
def test_basic_page_detail(self):
response = self.client.get('%s/pages/?slug=dolores%%20park' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
self.assertEqual(jresp['results'][0]['name'], 'Dolores Park')
def test_basic_page_post(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Test Page', 'content': '<p>hi</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
def test_basic_page_delete(self):
self.client.force_authenticate(user=self.edit_user)
# First, let's create
data = {'name': 'Test Page for delete', 'content': '<p>hi</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
jresp = json.loads(resp.content)
url = jresp['url']
# Page exists
self.assertTrue(Page.objects.filter(name='Test Page for delete'))
resp = self.client.delete(url, format='json')
self.assertEqual(resp.status_code, status.HTTP_204_NO_CONTENT)
# Page doesn't exist anymore
self.assertFalse(Page.objects.filter(name='Test Page for delete'))
def test_page_post_with_tags(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Test Page with tags', 'content': '<p>hi with tags</p>',
'tags': ['park', 'fun'],
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
jresp = json.loads(resp.content)
self.assertEqual(set(jresp['tags']), set(['park', 'fun']))
def test_post_no_region(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Test Page no region', 'content': '<p>hi with tags</p>'}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
def test_filter_tags(self):
response = self.client.get('%s/pages/?tags=lake' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
self.assertEqual(jresp['results'][0]['slug'], 'duboce park')
response = self.client.get('%s/pages/?tags=lake,wifi' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 0)
response = self.client.get('%s/pages/?tags=water,lake' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_post_page_already_exists(self):
self.client.force_authenticate(user=self.edit_user)
data = {'slug': 'dolores park', 'name': 'Dolores Park', 'content': '<p>hi exists</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
try:
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
#except (IntegrityError, DatabaseError):
except:
# XXX TODO: make this more specific. Had to make it catch-all to fix a problem with
# context missing from the request here!?!
pass
else:
self.assertTrue(False)
def test_filter_slug(self):
response = self.client.get('%s/pages/?slug__icontains=PaRk' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 2)
response = self.client.get('%s/pages/?slug__istartswith=DOLO' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
self.assertEqual(jresp['results'][0]['slug'], 'dolores park')
def test_chained_region_filter(self):
response = self.client.get('%s/pages/?region__slug__icontains=ak' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
response = self.client.get('%s/pages/?region__slug__istartswith=o' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
self.assertEqual(jresp['results'][0]['slug'], 'lake merritt')
def test_basic_page_put(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Duboce Park', 'content': '<p>hi new content</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
jresp = json.loads(resp.content)
# Make sure the tags are still there even though we didn't update them.
self.assertEqual(jresp['content'], '<p>hi new content</p>')
self.assertEqual(set(jresp['tags']), set(['lake', 'water']))
def test_basic_page_patch(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Duboce PARK'}
resp = self.client.patch('%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
jresp = json.loads(resp.content)
self.assertEqual(jresp['content'], '<p>Duboce Park here</p>')
self.assertEqual(jresp['name'], 'Duboce PARK')
def test_change_page_name(self):
self.client.force_authenticate(user=self.edit_user)
data = {'name': 'Duboce Cat'}
resp = self.client.patch('%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
jresp = json.loads(resp.content)
self.assertEqual(jresp['content'], '<p>Duboce Park here</p>')
self.assertEqual(jresp['name'], 'Duboce Cat')
# Redirect should exist, as the page should have been renamed
self.assertTrue(Redirect.objects.filter(source='duboce park').exists())
redirect = Redirect.objects.get(source='duboce park')
self.assertEqual(redirect.destination, Page.objects.get(slug='duboce cat'))
def test_page_validation(self):
self.client.force_authenticate(user=self.edit_user)
# PATCH existing
data = {'slug': 'Du~~!!! lolololol vv------_c0c$$/-_/-._<hi>',
'content': '<p>lol</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.patch('%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
jresp = json.loads(resp.content)
self.assertEqual(jresp['slug'], 'duboce park')
# POST new
data = {'name': 'Du~~!!! lolololol vv------_c0c$$/-_/-._<hi>',
'slug': 'Du~~!!! lolololol vv------_c0c$$/-_/-._<hi>',
'content': '<p>lol</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
jresp = json.loads(resp.content)
self.assertEqual(jresp['slug'], slugify('Du~~!!! lolololol vv------ c0c$$/-/-. <hi>'))
# Empty slug
data = {'name': '',
'slug': '',
'content': '<p>lol empty</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
# Evil HTML
data = {'name': 'Evil',
'content': '<p>lol empty <script>alert("hi");</script></p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.post('%s/pages/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
jresp = json.loads(resp.content)
self.assertEqual(jresp['content'], '<p>lol empty <script>alert("hi");</script></p>')
def test_page_permissions(self):
self.client.force_authenticate(user=self.edit_user)
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, self.dolores_park)
# Now try and update it as edit_user
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, self.dolores_park)
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
##################################################################################
# Let's also test to see that a general 'ban' of a user restricts page editing
##################################################################################
# First, ban from the region
banned, created = BannedFromRegion.objects.get_or_create(region=self.sf_region)
banned.users.add(self.edit_user)
# Now try and update a page as edit_user
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
banned.users.remove(self.edit_user)
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
# Now, let's try a global ban using the banned group
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.edit_user.groups.add(banned)
# Now try and update a page as edit_user
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
self.edit_user.groups.remove(banned)
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
resp = self.client.put('%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
class HTMLToTemplateTextTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
def test_plaintext(self):
html = "No XHTML"
imports = ''.join(tag_imports)
self.assertEqual(html_to_template_text(html), imports + "No XHTML")
def test_django_tags_escaped(self):
html = "<div>{% if 1 %}evil{% endif %}</div>"
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(
template_text,
imports +
"<div>{% if 1 %}evil{% endif %}</div>"
)
html = "<div>{{% if 1 %}}evil{{% endif %}}</div>"
template_text = html_to_template_text(html)
self.assertEqual(
template_text,
imports + (
"<div>{{% if 1 %}}evil"
"{{% endif %}}</div>")
)
# malicious use of intermediate sanitization
html = "<div>{amp}</div>"
template_text = html_to_template_text(html)
self.assertEqual(
template_text,
imports + (
"<div>{amp}</div>")
)
# preserves entities
html = '<div>&< then {</div>'
template_text = html_to_template_text(html)
self.assertEqual(
template_text,
imports + (
"<div>&< then {</div>")
)
def test_link_tag(self):
html = '<div><a href="http://example.org"></a></div>'
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(template_text,
imports +
'<div>{% link "http://example.org" %}{% endlink %}</div>')
html = '<div><a href="http://example.org">hi!</a></div>'
template_text = html_to_template_text(html)
self.assertEqual(template_text,
imports +
'<div>{% link "http://example.org" %}hi!{% endlink %}</div>')
html = '<div><a href="http://example.org">hi!</a></div>'
template_text = html_to_template_text(html)
self.assertEqual(template_text,
imports +
'<div>{% link "http://example.org" %}hi!{% endlink %}</div>')
def test_link_to_tag(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a href="tags/cats">dummy</a>')
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html, u'<a href="tags/cats" class="tag_link">dummy</a>')
def test_link_to_anchor_relative(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a href="A%20Page#anchor">dummy</a>')
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html, u'<a href="/test-region/A_Page#anchor" class="missing_link">dummy</a>')
a.content = (u'<a href="#justanchor">dummy</a>')
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html, u'<a href="#justanchor">dummy</a>')
def test_nbsp_outside_of_element(self):
html = u'a\xa0<strong>\xa0</strong>\n'
imports = ''.join(tag_imports)
template_text = html_to_template_text(html)
self.assertEqual(template_text, imports +
u'a\xa0<strong>\xa0</strong>\n')
def test_empty_a_element(self):
html = '<p><a name="blah"></a></p>'
imports = ''.join(tag_imports)
template_text = html_to_template_text(html, context=self.context)
self.assertEqual(template_text, imports + '<p><a name="blah"></a></p>')
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
def setUp(self):
super(MapAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.golden_gate_park = Page(name="Golden Gate Park",
content="<p>Hi</p>",
region=self.sf)
self.golden_gate_park.save()
self.dolores_park = Page(name="Dolores Park",
content="<p>Hi</p>",
region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park",
content="<p>Hi</p>",
region=self.sf)
self.duboce_park.save()
self.dolores_park_map = MapData(page=self.dolores_park, region=self.sf)
self.dolores_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}""")
self.dolores_park_map.save()
self.duboce_park_map = MapData(page=self.duboce_park, region=self.sf)
self.duboce_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.43505239486696,
37.770443352285376
],
[
-122.43490219116211,
37.76917121614543
],
[
-122.431640625,
37.769408683219545
],
[
-122.43179082870485,
37.76991753866766
],
[
-122.43460178375243,
37.769713996908635
],
[
-122.43505239486696,
37.770443352285376
]
]
]
}
]
}
""")
self.duboce_park_map.save()
class UserRoleListFilter(django_filters.FilterSet):
current_status = django_filters.ChoiceFilter(
choices=[
("active", "active"),
("pnm", "prospective"),
],
method="filter_current_status",
)
role = django_filters.MultipleChoiceFilter(choices=UserRoleChange.ROLES,
method="filter_role")
region = django_filters.ChoiceFilter(choices=Region.region_choices(),
method="filter_region")
major = django_filters.ModelChoiceFilter(
queryset=ChapterCurricula.objects.none(),
method="filter_major",
)
chapter = django_filters.ChoiceFilter(
label="Chapter",
choices=Chapter.chapter_choices(),
method="filter_chapter",
)
class Meta:
model = User
fields = {
"name": ["icontains"],
"major": ["exact"],
"graduation_year": ["icontains"],
"chapter": ["exact"],
}
order_by = ["name"]
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.filters["major"].queryset = ChapterCurricula.objects.values_list(
"major",
flat=True,
).distinct()
def filter_current_status(self, queryset, field_name, value):
if value:
queryset = queryset.filter(current_status=value)
return queryset
def filter_role(self, queryset, field_name, value):
if value:
queryset = queryset.filter(roles__role__in=value,
roles__end__gte=TODAY_END)
return queryset
def filter_region(self, queryset, field_name, value):
if value == "national":
return queryset
elif value == "candidate_chapter":
queryset = queryset.filter(chapter__candidate_chapter=True)
else:
queryset = queryset.filter(chapter__region__slug=value)
return queryset
def filter_major(self, queryset, field_name, value):
if value:
queryset = queryset.filter(major__major=value.major)
return queryset
def filter_chapter(self, queryset, field_name, value):
if value:
queryset = queryset.filter(chapter__slug=value)
return queryset
def setUp(self):
self.region = Region(full_name='Test Region', slug='test_region')
self.region.save()
class MapAPITests(APITestCase):
def setUp(self):
super(MapAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(username="******",
email="*****@*****.**",
password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(
name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.golden_gate_park = Page(name="Golden Gate Park",
content="<p>Hi</p>",
region=self.sf)
self.golden_gate_park.save()
self.dolores_park = Page(name="Dolores Park",
content="<p>Hi</p>",
region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park",
content="<p>Hi</p>",
region=self.sf)
self.duboce_park.save()
self.dolores_park_map = MapData(page=self.dolores_park, region=self.sf)
self.dolores_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}""")
self.dolores_park_map.save()
self.duboce_park_map = MapData(page=self.duboce_park, region=self.sf)
self.duboce_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.43505239486696,
37.770443352285376
],
[
-122.43490219116211,
37.76917121614543
],
[
-122.431640625,
37.769408683219545
],
[
-122.43179082870485,
37.76991753866766
],
[
-122.43460178375243,
37.769713996908635
],
[
-122.43505239486696,
37.770443352285376
]
]
]
}
]
}
""")
self.duboce_park_map.save()
def test_map_list(self):
response = self.client.get('%s/maps/' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 2)
def test_map_simple_post(self):
self.client.force_authenticate(user=self.edit_user)
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.golden_gate_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.post('%s/maps/' % self.API_ROOT,
data,
format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
def test_page_chained_filter(self):
response = self.client.get('%s/maps/?page__slug__icontains=dolores' %
self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_geo_filter(self):
response = self.client.get(
'%s/maps/?polys__contains={ "type": "Point", "coordinates": [ -122.42724180221558, 37.75988395932576 ] }'
% self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_map_permissions(self):
self.client.force_authenticate(user=self.edit_user)
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, self.dolores_park)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertIn(
resp.status_code,
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, self.dolores_park)
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
##################################################################################
# Let's also test a normal POST to a protected page which doesn't yet have a map
##################################################################################
new_park = Page(name="New Park", content="<p>Hi</p>", region=self.sf)
new_park.save()
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, new_park)
# Now try and create the "New Park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {
'page':
'http://testserver%s/pages/%s/' % (self.API_ROOT, new_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.post('%s/maps/' % self.API_ROOT,
data,
format='json')
self.assertIn(
resp.status_code,
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, new_park)
data = {
'page':
'http://testserver%s/pages/%s/' % (self.API_ROOT, new_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.post('%s/maps/' % self.API_ROOT,
data,
format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
##################################################################################
# Let's also test to see that a general 'ban' of a user restricts map editing
##################################################################################
# First, ban from the region
banned, created = BannedFromRegion.objects.get_or_create(
region=self.sf)
banned.users.add(self.edit_user)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertIn(
resp.status_code,
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
banned.users.remove(self.edit_user)
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
# Now, let's try a global ban using the banned group
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.edit_user.groups.add(banned)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertIn(
resp.status_code,
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
self.edit_user.groups.remove(banned)
data = {
'page':
'http://testserver%s/pages/%s/' %
(self.API_ROOT, self.dolores_park.id),
'geom':
geojson,
'region':
'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)
}
resp = self.client.put('%s/maps/%s/' %
(self.API_ROOT, self.dolores_park_map.id),
data,
format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
class PageTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
def test_clean_name(self):
self.assertEqual(clean_name(' Front Page '), 'Front Page')
self.assertEqual(clean_name('_edit'), 'edit')
self.assertEqual(clean_name('Front Page /_edit'), 'Front Page/edit')
self.assertEqual(clean_name('/Front Page/'), 'Front Page')
self.assertEqual(clean_name('Front Page// /'), 'Front Page')
def test_url_to_name(self):
self.assertEqual(url_to_name('Front_Page'), 'Front Page')
self.assertEqual(url_to_name('Ben_%26_Jerry%27s'), "Ben & Jerry's")
def test_name_to_url(self):
self.assertEqual(name_to_url('Front Page'), 'Front_Page')
self.assertEqual(name_to_url("Ben & Jerry's"), 'Ben_%26_Jerry%27s')
def test_slugify(self):
# spaces and casing
self.assertEqual(slugify('Front Page'), 'front page')
self.assertEqual(slugify('fRoNt PaGe'), 'front page')
self.assertEqual(slugify('Front_Page'), 'front page')
self.assertEqual(slugify('Front+Page'), 'front page')
self.assertEqual(slugify('Front%20Page'), 'front page')
# slashes
self.assertEqual(slugify('Front Page/Talk'), 'front page/talk')
self.assertEqual(slugify('Front Page%2FTalk'), 'front page/talk')
# extra spaces
self.assertEqual(slugify(' I N C E P T I O N '),
'i n c e p t i o n')
# quotes and other stuff
self.assertEqual(slugify("Ben & Jerry's"), "ben & jerry's")
self.assertEqual(slugify("Ben & Jerry's"), "ben & jerry's")
self.assertEqual(slugify("Ben_%26_Jerry's"), "ben & jerry's")
self.assertEqual(slugify('Manny "Pac-Man" Pacquaio'),
'manny "pac-man" pacquaio')
self.assertEqual(slugify("Where am I?"), "where am i")
self.assertEqual(slugify("What the @#$!!"), "what the @$!!")
# unicode
self.assertEqual(slugify("Заглавная Страница".decode('utf-8')),
'заглавная страница'.decode('utf-8').lower())
encoded = ("%D0%B7%D0%B0%D0%B3%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F"
"_%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0")
self.assertEqual(slugify(encoded),
'заглавная страница'.decode('utf-8'))
self.assertEqual(slugify("Заглавная%20Страница".decode('utf-8')),
'заглавная страница'.decode('utf-8'))
# idempotent?
a = 'АЯ `~!@#$%^&*()-_+=/\|}{[]:;"\'<>.,'
self.assertEqual(slugify(a), 'ая !@$%&*()- /"\'.,'.decode('utf-8'))
self.assertEqual(slugify(a), slugify(slugify(a)))
def test_pretty_slug(self):
a = Page(name='Front Page', region=self.region)
self.assertEqual(a.pretty_slug, 'Front_Page')
a = Page(name='Front Page/Talk', region=self.region)
self.assertEqual(a.pretty_slug, 'Front_Page/Talk')
a = Page(name="Ben & Jerry's", region=self.region)
self.assertEqual(a.pretty_slug, "Ben_%26_Jerry%27s")
a = Page(name='Заглавная Страница', region=self.region)
slug = ("%D0%97%D0%B0%D0%B3%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F"
"_%D0%A1%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0")
assert slug == quote('Заглавная_Страница')
self.assertEqual(a.pretty_slug, slug)
def test_merge_conflict(self):
p = Page(region=self.region)
p.content = '<p>old content</p>'
p.name = 'Front Page'
p.save()
a = PageForm(instance=p)
b = PageForm(instance=p)
b_post = b.initial
b_post['content'] = '<p>b content</p>'
b = PageForm(b_post, instance=p)
self.failUnless(b.is_valid())
b.save()
p = Page.objects.get(pk=p.pk)
a_post = a.initial
a_post['content'] = '<p>a content</p>'
a = PageForm(a_post, instance=p)
self.failIf(a.is_valid())
# + '' to force evaluation of lazy string
self.failUnless(str(PageForm.conflict_error + '') in str(a.errors))
a_post = a.data
a = PageForm(a_post, instance=p)
self.failUnless(a.is_valid())
a.save()
p = Page.objects.get(pk=p.pk)
self.failUnless('Edit conflict!' in p.content)
def test_page_rename(self):
p = Page(region=self.region)
p.content = "<p>The page content.</p>"
p.name = "Original page"
p.save()
p.rename_to("New page")
# Renamed-to page should exist.
new_p = Page.objects.get(name="New page", region=self.region)
# new_p should have the same content.
self.assertEqual(new_p.content, p.content)
# "Original page" should no longer exist.
pgs = Page.objects.filter(name="Original page", region=self.region)
self.assertEqual(len(pgs), 0)
# and a redirect from "original page" to "New page" should exist.
Redirect.objects.filter(source="original page", destination=new_p, region=self.region)
###########################################################
# Renaming to a page that already exists should raise an
# exception and not affect the original page.
###########################################################
p = Page(region=self.region)
p.content = "<p>Hello, world.</p>"
p.name = "Page A"
p.save()
self.assertRaises(exceptions.PageExistsError, p.rename_to, "New page")
# p should be unaffected. No redirect should be created.
p = Page.objects.get(name="Page A", region=self.region)
self.assertEqual(p.content, "<p>Hello, world.</p>")
self.assertEqual(len(Redirect.objects.filter(source="page a", region=self.region)), 0)
###########################################################
# Renaming should carry along files and FK'ed items that
# point to it.
###########################################################
p = Page(region=self.region)
p.content = "<p>A page with files and a map.</p>"
p.name = "Page With FKs"
p.save()
# Create a file that points at the page.
pf = PageFile(file=ContentFile("foo"), name="file.txt", slug=p.slug, region=self.region)
pf.save()
# Create a redirect that points at the page.
redirect = Redirect(source="foobar", destination=p, region=self.region)
redirect.save()
# Create a map that points at the page.
points = GEOSGeometry("""MULTIPOINT (-122.4378964233400069 37.7971758820830033, -122.3929211425700032 37.7688207875790027, -122.3908612060599950 37.7883584775320003, -122.4056240844700056 37.8013807351830025, -122.4148937988299934 37.8002956347170027, -122.4183270263600036 37.8051784612779969)""")
map = MapData(points=points, page=p, region=self.region)
map.save()
# Add tags to page
tagset = PageTagSet(page=p, region=self.region)
tagset.save()
tag = Tag(name="tag1", region=self.region)
tag.save()
tagset.tags.add(tag)
p.rename_to("New Page With FKs")
new_p = Page.objects.get(name="New Page With FKs", region=self.region)
self.assertEqual(len(MapData.objects.filter(page=new_p, region=self.region)), 1)
self.assertEqual(len(new_p.pagetagset.tags.all()), 1)
# Two redirects: one we created explicitly and one that was
# created during rename_to()
self.assertEqual(len(Redirect.objects.filter(destination=new_p, region=self.region)), 2)
self.assertEqual(len(PageFile.objects.filter(slug=new_p.slug, region=self.region)), 1)
# Renaming should keep slugs pointed at old page /and/ copy
# them to the new page.
self.assertEqual(len(PageFile.objects.filter(slug=p.slug, region=self.region)), 1)
###########################################################
# Renaming with multiple files.
###########################################################
p = Page(region=self.region)
p.content = "<p>A new page with multiple files.</p>"
p.name = "Page with multiple files"
p.save()
# Create a file that points at the page.
pf = PageFile(file=ContentFile("foo"), name="file.txt", slug=p.slug, region=self.region)
pf.save()
pf = PageFile(file=ContentFile("foo2"), name="file2.txt", slug=p.slug, region=self.region)
pf.save()
pf = PageFile(file=ContentFile("foo3"), name="file3.txt", slug=p.slug, region=self.region)
pf.save()
p.rename_to("A page with multiple files 2")
p = Page.objects.get(name="A page with multiple files 2", region=self.region)
self.assertEqual(len(PageFile.objects.filter(slug=p.slug, region=self.region)), 3)
###########################################################
# Reverting a renamed page should be possible and should
# restore files and FK'ed items that were pointed at the
# original page. The renamed-to page should still exist
# after the revert and should still have its own files and
# FK'ed items pointed at it.
###########################################################
p = Page(name="Page With FKs", slug="page with fks", region=self.region)
# get the version right before it was deleted
v_before_deleted = len(p.versions.all()) - 1
p_h = p.versions.as_of(version=v_before_deleted)
p_h.revert_to()
p = Page.objects.get(name="Page With FKs", region=self.region)
self.assertEqual(len(MapData.objects.filter(page=p, region=self.region)), 1)
self.assertEqual(len(PageFile.objects.filter(slug=p.slug, region=self.region)), 1)
p2 = Page.objects.get(name="New Page With FKs")
self.assertEqual(len(MapData.objects.filter(page=p2, region=self.region)), 1)
self.assertEqual(len(PageFile.objects.filter(slug=p2.slug, region=self.region)), 1)
self.assertEqual(len(Redirect.objects.filter(destination=p2, region=self.region)), 1)
###########################################################
# Renaming a page and then renaming it back.
###########################################################
# 1. Simple case
p = Page(name="Page X", content="<p>Foobar</p>", region=self.region)
p.save()
p.rename_to("Page Y")
self.assertEqual(len(Page.objects.filter(name="Page X", region=self.region)), 0)
self.assertEqual(len(Page.objects.filter(name="Page Y", region=self.region)), 1)
p_new = Page.objects.get(name="Page Y", region=self.region)
p_new.rename_to("Page X")
self.assertEqual(len(Page.objects.filter(name="Page X", region=self.region)), 1)
self.assertEqual(len(Page.objects.filter(name="Page Y", region=self.region)), 0)
# 2. If we have FKs pointed at the page this shouldn't be
# totally f****d.
p = Page(name="Page X2", content="<p>Foo X</p>", region=self.region)
p.save()
points = GEOSGeometry("""MULTIPOINT (-122.4378964233400069 37.7971758820830033, -122.3929211425700032 37.7688207875790027, -122.3908612060599950 37.7883584775320003, -122.4056240844700056 37.8013807351830025, -122.4148937988299934 37.8002956347170027, -122.4183270263600036 37.8051784612779969)""")
map = MapData(points=points, page=p, region=self.region)
map.save()
# Create a file that points at the page.
pf = PageFile(file=ContentFile("foooo"), name="file_foo.txt", slug=p.slug, region=self.region)
pf.save()
p.rename_to("Page Y2")
p_new = Page.objects.get(name="Page Y2", region=self.region)
# FK points at the page we renamed to.
self.assertEqual(len(MapData.objects.filter(page=p_new, region=self.region)), 1)
self.assertEqual(len(PageFile.objects.filter(slug=p_new.slug, region=self.region)), 1)
# Now rename it back.
p_new.rename_to("Page X2")
p = Page.objects.get(name="Page X2", region=self.region)
# After rename-back-to, FK points to the renamed-back-to page.
self.assertEqual(len(MapData.objects.filter(page=p, region=self.region)), 1)
self.assertEqual(len(PageFile.objects.filter(slug=p.slug, region=self.region)), 1)
###########################################################
# Renaming a page but keeping the same slug
###########################################################
p = Page(name="Foo A", content="<p>Foo A</p>", region=self.region)
p.save()
p.rename_to("FOO A")
# Name has changed.
self.assertEqual(len(Page.objects.filter(name="FOO A", region=self.region)), 1)
# Has the same history, with a new entry for the name change.
p = Page.objects.get(name="FOO A", region=self.region)
p1, p0 = p.versions.all()
self.assertEqual(p1.name, 'FOO A')
self.assertEqual(p0.name, 'Foo A')
self.assertEqual(p0.content, p1.content)
###########################################################
# Renaming a page twice (A -> B -> C) and then revert A to
# an existing state.
###########################################################
p = Page(name="Bar A", content="<p>Bar A</p>", region=self.region)
p.save()
p.rename_to("Bar B")
p = Page.objects.get(name="Bar B", region=self.region)
p.rename_to("Bar C")
p = Page(name="Bar A", slug="bar a", region=self.region)
p_h = p.versions.as_of(version=1)
p_h.revert_to()
###########################################################
# Renaming a page back and forth and reverting.
###########################################################
p = Page(name="Zoo A", content="<p>Zoo A</p>", region=self.region)
p.save()
p.rename_to("Zoo B")
p = Page.objects.get(name="Zoo B", region=self.region)
p.rename_to("Zoo A")
p = Page.objects.get(name="Zoo A", region=self.region)
p.rename_to("Zoo B")
p = Page(name="Zoo A", slug="zoo a", region=self.region)
p_h = p.versions.as_of(version=1)
p_h.revert_to()
###########################################################
# page A, rename to B, then create new A, rename B to C,
# rename C to B, then revert C to first version
###########################################################
p = Page(name="Mike A", content="<p>A</p>", region=self.region)
p.save()
p.rename_to("Mike B")
new_a = Page(name="Mike A", content="<p>A new</p>", region=self.region)
new_a.save()
p = Page.objects.get(name="Mike B", region=self.region)
p.rename_to("Mike C")
p = Page.objects.get(name="Mike C", region=self.region)
p.rename_to("Mike B")
p_c = Page(name="Mike C", slug="mike c", region=self.region)
p_h = p_c.versions.as_of(version=1)
p_h.revert_to()
###########################################################
# Page rename with links!
###########################################################
from links.models import Link
dogs_p = Page(name="Dogs", slug="dogs", region=self.region, content="<p>what</p>")
dogs_p.save()
p = Page(name="Places to have fun", content='<p><a href="Dogs">a link</a></p>', region=self.region)
p.save()
p.rename_to("Places to have the MOST fun")
new_p = Page.objects.get(name="Places to have the MOST fun", region=self.region)
self.assertEqual(new_p.links.all().count(), 1)
self.assertEqual(new_p.links.all()[0].destination_name, 'Dogs')
self.assertEqual(new_p.links.all()[0].destination, dogs_p)
def index(request, disqus=False, comment_id=None):
""" view that renders a default home"""
user = request.user
activities = user.useractivity_set.prefetch_related('activity__event')
my_pending_activities = activities.filter(
attendance_date__isnull=True,
activity__event__start_date__gte=today(),
)[:3]
incomming_events = Event.objects.incomming().filter(
stage__stage_type=Stage.STAGE_TYPE_ACTIVITY,
stage__is_active=True,
)
comments = Comment.objects.filter(parent=None, public=True)
if not request.user.is_experimenta():
incomming_events = incomming_events.exclude(
activity_type=Event.ACTIVITY_TYPES.EXPERIMENTA
)
comments = comments.exclude(
event__activity_type=Event.ACTIVITY_TYPES.EXPERIMENTA
)
incomming_events = incomming_events[:5]
if comment_id:
comment = comments.filter(id=comment_id).first()
# marks the children of the comment as read
for c in comment.comment_set.all():
c.notification_set.all().update(read=True)
comments = list(comments.exclude(id=comment_id)[:9])
if comment:
comments.insert(0, comment)
else:
comments = list(comments[:10])
# get users by region
regions = Region.get_user_count_by_region()
# get info about total_users except top 3
others = {
'users__count': sum([o['users__count'] for o in regions[3:]]),
'percent': 100-sum([region['percent'] for region in regions[:3]])
}
# total users with region
total_users = sum([region['users__count'] for region in regions])
# institutions with users
institutions_count = Institution.objects.has_users().active().count()
msg = (
u"Su cuenta en La Red se encuentra pendiente"
u" de aprobación. Por lo que no puedes realizar acciones en el"
u" sitio hasta que sea aprobada."
)
if request.user.is_pending():
messages.add_message(
request, messages.ERROR,
msg
)
context = {
'form': CommentForm(),
'interest_list': request.user.interests.all(),
'my_pending_activities': my_pending_activities,
'incomming_events': incomming_events,
'my_pending_activities': my_pending_activities,
'comments': comments,
'navbar_active': 'home',
'institutions_count': institutions_count,
'regions': regions,
'total_users': total_users,
'others': others,
}
return render_to_response(
'index.jade',
context,
context_instance=RequestContext(request),
)
class HTMLToTemplateTextTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
def test_plaintext(self):
html = "No XHTML"
imports = ''.join(tag_imports)
self.assertEqual(html_to_template_text(html), imports + "No XHTML")
def test_django_tags_escaped(self):
html = "<div>{% if 1 %}evil{% endif %}</div>"
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(
template_text, imports +
"<div>{% if 1 %}evil{% endif %}</div>")
html = "<div>{{% if 1 %}}evil{{% endif %}}</div>"
template_text = html_to_template_text(html)
self.assertEqual(
template_text,
imports + ("<div>{{% if 1 %}}evil"
"{{% endif %}}</div>"))
# malicious use of intermediate sanitization
html = "<div>{amp}</div>"
template_text = html_to_template_text(html)
self.assertEqual(template_text,
imports + ("<div>{amp}</div>"))
# preserves entities
html = '<div>&< then {</div>'
template_text = html_to_template_text(html)
self.assertEqual(template_text,
imports + ("<div>&< then {</div>"))
def test_link_tag(self):
html = '<div><a href="http://example.org"></a></div>'
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(
template_text, imports +
'<div>{% link "http://example.org" %}{% endlink %}</div>')
html = '<div><a href="http://example.org">hi!</a></div>'
template_text = html_to_template_text(html)
self.assertEqual(
template_text, imports +
'<div>{% link "http://example.org" %}hi!{% endlink %}</div>')
html = '<div><a href="http://example.org">hi!</a></div>'
template_text = html_to_template_text(html)
self.assertEqual(
template_text, imports +
'<div>{% link "http://example.org" %}hi!{% endlink %}</div>')
def test_link_to_tag(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a href="tags/cats">dummy</a>')
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
u'<a href="tags/cats" class="tag_link">dummy</a>')
def test_link_to_anchor_relative(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a href="A%20Page#anchor">dummy</a>')
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html,
u'<a href="/test-region/A_Page#anchor" class="missing_link">dummy</a>'
)
a.content = (u'<a href="#justanchor">dummy</a>')
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html, u'<a href="#justanchor">dummy</a>')
def test_nbsp_outside_of_element(self):
html = u'a\xa0<strong>\xa0</strong>\n'
imports = ''.join(tag_imports)
template_text = html_to_template_text(html)
self.assertEqual(template_text,
imports + u'a\xa0<strong>\xa0</strong>\n')
def test_empty_a_element(self):
html = '<p><a name="blah"></a></p>'
imports = ''.join(tag_imports)
template_text = html_to_template_text(html, context=self.context)
self.assertEqual(template_text, imports + '<p><a name="blah"></a></p>')
class PluginTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
self.old_allowed_src = getattr(settings, 'EMBED_ALLOWED_SRC', ['.*'])
settings.EMBED_ALLOWED_SRC = ['http://www.youtube.com/embed/.*',
'http://player.vimeo.com/video/.*']
def tearDown(self):
settings.EMBED_ALLOWED_SRC = self.old_allowed_src
def test_include_tag(self):
html = '<a class="plugin includepage" href="Front_Page">Front Page</a>'
template_text = html_to_template_text(html, context=self.context)
imports = ''.join(tag_imports)
self.assertEqual(template_text,
imports + ('<div class="included_page_wrapper">'
'{% include_page "Front_Page" %}'
'</div>'))
def test_include_plugin(self):
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="Explore">dummy</a>'
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
'<div class="included_page_wrapper"><p>Some text</p></div>')
def test_include_plugin_utf8(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a class="plugin includepage" '
u'href="青平台基金會">dummy</a>')
a.save()
b = Page(name=u'青平台基金會', region=self.region)
b.content = u'<p>青平台基金會</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html, u'<div class="included_page_wrapper">'
u'<p>青平台基金會</p></div>')
def test_include_showtitle(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage includepage_showtitle"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
('<div class="included_page_wrapper">'
'<h2><a href="/test-region/Explore">Explore</a></h2>'
'<p>Some text</p>'
'</div>'))
def test_include_left(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage includepage_left"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
'<div class="included_page_wrapper includepage_left">'
'<p>Some text</p></div>')
def test_include_width(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage" style="width: 100px"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
('<div class="included_page_wrapper" style="width: 100px;">'
'<p>Some text</p></div>'))
def test_include_nonexistant(self):
""" Should give an error message when including nonexistant page
"""
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="New page">dummy</a>'
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.failUnless(('Unable to include <a href="/test-region/New_page"'
' class="missing_link">New page</a>') in html)
def test_endless_include(self):
""" Should detect endless loops and give an error message
"""
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="Front_Page">dummy</a>'
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.failUnless(('Unable to include <a href="/test-region/Front_Page">Front Page'
'</a>: endless include loop') in html)
def test_double_include(self):
""" Multiple includes are ok
"""
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage" href="Explore">dummy</a>'
'<a class="plugin includepage" href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
('<div class="included_page_wrapper"><p>Some text</p></div>'
'<div class="included_page_wrapper"><p>Some text</p></div>'))
def test_embed_tag(self):
html = ('<span class="plugin embed"><strong>Hello</strong>'
'</span>')
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(template_text,
imports + ('{% embed_code %} <strong>Hello<'
'/strong> {% endembed_code %}'))
def test_embed_whitelist_reject(self):
html = ('<span class="plugin embed"><iframe src="http://evil.com"'
'></iframe></span>')
template = Template(html_to_template_text(html))
rendered = template.render(Context())
self.failUnless(('The embedded URL is not on the list of approved '
'providers') in rendered)
def test_embed_whitelist_accept(self):
html = ('<span class="plugin embed"><iframe '
'src="http://www.youtube.com/embed/JVRsWAjvQSg"'
'></iframe></span>')
template = Template(html_to_template_text(html))
rendered = template.render(Context())
self.failUnless(
'<iframe src="http://www.youtube.com/embed/JVRsWAjvQSg"></iframe>'
in rendered)
def test_amp_in_link_with_class(self):
page = Page(name='Explore', region=self.region)
html = ('<p><a class="external something" '
'href="http://example.org/?t=1&i=2">hi</a></p>')
template = Template(html_to_template_text(html))
rendered = template.render(Context({'page': page, 'region': self.region}))
self.failUnless('http://example.org/?t=1&i=2' in rendered)
def test_link_nofollow(self):
# Regular
page = Page(name='Explore', region=self.region)
rf = RequestFactory()
request = rf.get('/')
content = ('<p><a href="http://example.org/">hi</a></p>')
template = Template("""
{% load pages_tags %}
{% render_plugins content %}
""")
rendered = template.render(Context({'region': self.region, 'request': request, 'content': content, 'page': page}))
self.failUnless('http://example.org/' in rendered)
self.assertTrue('nofollow' not in rendered)
# Nofollow
page = Page(name='Explore', region=self.region)
rf = RequestFactory()
request = rf.get('/')
content = ('<p><a href="http://example.org/">hi</a></p>')
template = Template("""
{% load pages_tags %}
{% render_plugins_nofollow content %}
""")
rendered = template.render(Context({'region': self.region, 'request': request, 'content': content, 'page': page}))
self.failUnless('http://example.org/' in rendered)
self.assertTrue('nofollow' in rendered)
class MoveRegionTests(TestCase):
def setUp(self):
self.regions = []
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
def test_move_exists(self):
###########################################################
# Moving a page that already exists should just silently
# continue.
###########################################################
p_sf = Page(region=self.sf)
p_sf.content = "<p>Hello, world in SF.</p>"
p_sf.name = "Page A"
p_sf.save()
p_oak = Page(region=self.oak)
p_oak.content = "<p>Hello, world started on Oak.</p>"
p_oak.name = "Page A"
p_oak.save()
move_to_region(self.sf, pages=[p_sf])
# Shouldn't have been moved.
p = Page.objects.filter(region=self.sf, name="Page A")[0]
self.assertEqual(p.content, "<p>Hello, world in SF.</p>")
def test_move_with_fks(self):
###########################################################
# Moving should carry along files and FK'ed items that
# point to it.
###########################################################
p = Page(region=self.sf)
p.content = "<p>A page with files and a map in SF.</p>"
p.name = "Page With FKs"
p.save()
# Create a file that points at the page.
pf = PageFile(file=ContentFile("foo"), name="file.txt", slug=p.slug, region=self.sf)
pf.save()
# Create a redirect that points at the page.
redirect = Redirect(source="foobar", destination=p, region=self.sf)
redirect.save()
# Create a map that points at the page.
points = GEOSGeometry("""MULTIPOINT (-122.4378964233400069 37.7971758820830033, -122.3929211425700032 37.7688207875790027, -122.3908612060599950 37.7883584775320003, -122.4056240844700056 37.8013807351830025, -122.4148937988299934 37.8002956347170027, -122.4183270263600036 37.8051784612779969)""")
map = MapData(points=points, page=p, region=self.sf)
map.save()
# Add tags to page
tagset = PageTagSet(page=p, region=self.sf)
tagset.save()
tag = Tag(name="tag1", region=self.sf)
tag.save()
tagset.tags.add(tag)
move_to_region(self.oak, pages=[p])
# Check to see that the related objects were moved.
p = Page.objects.get(name="Page With FKs", region=self.oak)
self.assertEqual(len(MapData.objects.filter(page=p, region=self.oak)), 1)
self.assertEqual(len(p.pagetagset.tags.all()), 1)
self.assertEqual(len(Redirect.objects.filter(destination=p, region=self.oak)), 1)
self.assertEqual(len(PageFile.objects.filter(slug=p.slug, region=self.oak)), 1)
# Check to see that version history was moved as well
self.assertEquals(p.versions.all().count(), 1)
self.assertEqual(len(MapData.versions.filter(page=p, region=self.oak)), 1)
for pts in p.pagetagset.tags.all():
self.assertEqual(pts.versions.all().count(), 1)
self.assertEqual(len(Redirect.versions.filter(destination=p, region=self.oak)), 1)
self.assertEqual(len(PageFile.versions.filter(slug=p.slug, region=self.oak)), 1)
# ..and that the page is no longer in the SF region
self.assertFalse(Page.objects.filter(region=self.sf, name="Page With FKs").exists())
def test_move_with_existing_file(self):
p = Page(region=self.sf)
p.content = "<p>A page w a file.</p>"
p.name = "Page With File"
p.save()
# Create a file that points at the page.
pf_sf = PageFile(name="file.txt", slug=p.slug, region=self.sf)
pf_sf.file.save("file.txt", ContentFile("foo sf"))
pf_sf.save()
# Make the file already exist on oak
pf_oak = PageFile(name="file.txt", slug=p.slug, region=self.oak)
pf_oak.file.save("file.txt", ContentFile("foo oak"))
pf_oak.save()
move_to_region(self.oak, pages=[p])
# The file shouldn't have been moved because it already exists at the
# destination.
pf = PageFile.objects.get(slug=p.slug, region=self.oak)
self.assertEqual(pf_oak.file.name, pf.file.name)
def test_move_redirects(self):
p = Page(region=self.sf)
p.content = "<p>A page.</p>"
p.name = "Page content"
p.save()
redir = Redirect(
source="short name",
destination=p,
region=self.sf)
redir.save()
move_to_region(self.oak, pages=[p], redirects=[redir])
# Redirect should be in Oak
self.assertEqual(Redirect.objects.filter(region=self.oak).count(), 1)
def test_move_redirect_destination(self):
# Destination page should be transparently moved if not specified
p = Page(region=self.sf)
p.content = "<p>A page.</p>"
p.name = "Page content not moved directly"
p.save()
redir = Redirect(
source="short name",
destination=p,
region=self.sf)
redir.save()
move_to_region(self.oak, redirects=[redir])
# Redirect should be in Oak
self.assertEqual(Redirect.objects.filter(region=self.oak).count(), 1)
# ..and page
self.assertTrue(Page.objects.filter(slug='page content not moved directly', region=self.oak).exists())
def test_move_with_links(self):
from links.models import Link
other = Page(
name="otherexists",
content="<p>blah</p>",
region=self.sf
)
other.save()
p = Page(region=self.sf)
p.content = '<p>A page <a href="otherexists">other</a> and <a href="otherdoesnotexist">other</a>.</p>'
p.name = "Base page"
p.save()
move_to_region(self.oak, pages=[p])
links = Link.objects.filter(source__slug='base page')
self.assertEqual(len(links), 2)
for link in links:
self.assertEqual(link.source.region, self.oak)
self.assertEqual(link.destination, None)
self.assertEqual(link.region, self.oak)
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
class FileAPITests(APITestCase):
def setUp(self):
super(FileAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf_region = Region(full_name='San Francisco', slug='sf')
self.sf_region.save()
self.oak_region = Region(full_name='Oakland', slug='oak')
self.oak_region.save()
p = Page(region=self.oak_region)
p.content = '<p>Lake Merritt here</p>'
p.name = 'Lake Merritt'
p.save()
self.lake_merritt = p
p = Page(region=self.sf_region)
p.content = '<p>Dolores Park here</p>'
p.name = 'Dolores Park'
p.save()
self.dolores_park = p
p = Page(region=self.sf_region)
p.content = '<p>Duboce Park here</p>'
p.name = 'Duboce Park'
p.save()
self.duboce_park = p
pf = PageFile(name="file.txt", slug='duboce park', region=self.sf_region)
pf.save()
pf.file.save('file.txt', ContentFile('foo'))
pf = PageFile(name="file_other.txt", slug='duboce park', region=self.sf_region)
pf.save()
pf.file.save('file_other.txt', ContentFile('foo2'))
def test_basic_file_list(self):
response = self.client.get('%s/files/' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 2)
def test_basic_file_detail(self):
response = self.client.get('%s/files/?slug=duboce%%20park&name=file.txt' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
self.assertEqual(jresp['results'][0]['name'], 'file.txt')
def test_basic_file_post(self):
self.client.force_authenticate(user=self.edit_user)
# Test a multipart file post
file = StringIO("foo hi")
file.name = "test_new_hi.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi.txt',
'slug': 'duboce park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
jresp = json.loads(resp.content)
self.assertEqual(jresp['name'], 'test_new_hi.txt')
def test_file_permissions(self):
self.client.force_authenticate(user=self.edit_user)
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, self.dolores_park)
# Now try and upload a file to it as edit_user
file = StringIO("foo hi2")
file.name = "test_new_hi3.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi3.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, self.dolores_park)
file = StringIO("foo hi2")
file.name = "test_new_hi3.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi3.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
##################################################################################
# Let's also test to see that a general 'ban' of a user restricts file upload
##################################################################################
# First, ban from the region
banned, created = BannedFromRegion.objects.get_or_create(region=self.sf_region)
banned.users.add(self.edit_user)
# Now try and upload a file as edit_user
file = StringIO("foo hi4")
file.name = "test_new_hi4.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi4.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
banned.users.remove(self.edit_user)
file = StringIO("foo hi2")
file.name = "test_new_hi4.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi4.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
data = {'name': 'Dolores Park', 'content': '<p>hi new content by edituser</p>', 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id)}
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
# Now, let's try a global ban using the banned group
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.edit_user.groups.add(banned)
# Now try and upload an image to the page as edit_user
file = StringIO("foo hi2")
file.name = "test_new_hi5.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi5.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
self.edit_user.groups.remove(banned)
file = StringIO("foo hi5")
file.name = "test_new_hi5.txt"
data = {
'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf_region.id),
'name': 'test_new_hi5.txt',
'slug': 'dolores park',
'file': file,
}
resp = self.client.post('%s/files/' % self.API_ROOT, data)
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
class RedirectAPITests(APITestCase):
def setUp(self):
super(RedirectAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.dolores_park = Page(name="Dolores Park", content="<p>Hi</p>", region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park", content="<p>Hi</p>", region=self.sf)
self.duboce_park.save()
self.mission_dolores_park = Redirect(
source="mission dolores park",
destination=self.dolores_park,
region=self.sf
)
self.mission_dolores_park.save()
self.dog_park = Redirect(
source="dog park",
destination=self.duboce_park,
region=self.sf
)
self.dog_park.save()
def test_redirect_list(self):
response = self.client.get('%s/redirects/' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 2)
def test_redirect_simple_post(self):
self.client.force_authenticate(user=self.edit_user)
data = {'source': 'redirect from pg', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/redirects/' % self.API_ROOT, data, format='json')
jresp = json.loads(resp.content)
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
self.assertEqual(jresp['source'], 'redirect from pg')
def test_redirect_destination_noexist(self):
self.client.force_authenticate(user=self.edit_user)
data = {'source': 'redirect from pg', 'destination': 'http://testserver%s/pages/3585484585/' % self.API_ROOT, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/redirects/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
def test_destination_chained_filter(self):
response = self.client.get('%s/redirects/?destination__slug__icontains=dolores' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_redirect_permissions(self):
self.client.force_authenticate(user=self.edit_user)
# We want to tie the redirect permissions should be tied to the
# Redirect object -and- the Page object that's associated with the
# redirect. This is so that if, for instance, Page(name="Front Page")
# is only editable by a certain group, creating a Redirect from
# "Front Page" to somewhere is similarly protected.
#####################################################################################
# 1. Redirect already exists, redirects.change_redirect / redirects.delete_redirect
# should be checked.
#####################################################################################
# Make it so only edit_user_2 can edit the Mission Dolores Park redirect
assign_perm('change_redirect', self.edit_user_2, self.mission_dolores_park)
# Now try and update the "Mission Dolores Park" redirect as edit_user
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_redirect', self.edit_user_2, self.mission_dolores_park)
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
#####################################################################################
# 2. Redirect doesn't exist yet but a `source` page does.
# pages.change_page should be checked.
#####################################################################################
# Let's create a page
p = Page(
name="Oasis",
content="<p>Blah</p>",
region=self.sf
)
p.save()
# and then set permissions to restrict it from being edited by `edit_user`
assign_perm('change_page', self.edit_user_2, p)
# now let's try and create a redirect from "oasis" to "duboce park" as `edit_user`:
data = {'source': 'oasis', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/redirects/' % self.API_ROOT, data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, p)
data = {'source': 'oasis', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/redirects/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
#####################################################################################
## Let's also test to see that a general 'ban' of a user restricts redirect creation
#####################################################################################
# First, ban from the region
banned, created = BannedFromRegion.objects.get_or_create(region=self.sf)
banned.users.add(self.edit_user)
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
banned.users.remove(self.edit_user)
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
# Now, let's try a global ban using the banned group
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.edit_user.groups.add(banned)
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
## Now remove the ban and it should work
self.edit_user.groups.remove(banned)
data = {'source': 'mission dolores park', 'destination': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.duboce_park.id), 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/redirects/%s/' % (self.API_ROOT, self.mission_dolores_park.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
class MapAPITests(APITestCase):
def setUp(self):
super(MapAPITests, self).setUp()
# Create the edit user and add it to the authenticated group
self.edit_user = User(
username="******", email="*****@*****.**", password="******")
self.edit_user.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user.groups.add(all_group)
self.edit_user.save()
self.edit_user_2 = User(
username="******", email="*****@*****.**", password="******")
self.edit_user_2.save()
all_group, created = Group.objects.get_or_create(name=settings.USERS_DEFAULT_GROUP)
self.edit_user_2.groups.add(all_group)
self.edit_user_2.save()
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.golden_gate_park = Page(name="Golden Gate Park", content="<p>Hi</p>", region=self.sf)
self.golden_gate_park.save()
self.dolores_park = Page(name="Dolores Park", content="<p>Hi</p>", region=self.sf)
self.dolores_park.save()
self.duboce_park = Page(name="Duboce Park", content="<p>Hi</p>", region=self.sf)
self.duboce_park.save()
self.dolores_park_map = MapData(page=self.dolores_park, region=self.sf)
self.dolores_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}""")
self.dolores_park_map.save()
self.duboce_park_map = MapData(page=self.duboce_park, region=self.sf)
self.duboce_park_map.geom = GEOSGeometry("""
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.43505239486696,
37.770443352285376
],
[
-122.43490219116211,
37.76917121614543
],
[
-122.431640625,
37.769408683219545
],
[
-122.43179082870485,
37.76991753866766
],
[
-122.43460178375243,
37.769713996908635
],
[
-122.43505239486696,
37.770443352285376
]
]
]
}
]
}
""")
self.duboce_park_map.save()
def test_map_list(self):
response = self.client.get('%s/maps/' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 2)
def test_map_simple_post(self):
self.client.force_authenticate(user=self.edit_user)
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.golden_gate_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/maps/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
def test_page_chained_filter(self):
response = self.client.get('%s/maps/?page__slug__icontains=dolores' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_geo_filter(self):
response = self.client.get('%s/maps/?polys__contains={ "type": "Point", "coordinates": [ -122.42724180221558, 37.75988395932576 ] }' % self.API_ROOT)
jresp = json.loads(response.content)
self.assertEqual(len(jresp['results']), 1)
def test_map_permissions(self):
self.client.force_authenticate(user=self.edit_user)
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, self.dolores_park)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, self.dolores_park)
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
##################################################################################
# Let's also test a normal POST to a protected page which doesn't yet have a map
##################################################################################
new_park = Page(name="New Park", content="<p>Hi</p>", region=self.sf)
new_park.save()
# Make it so only edit_user_2 can edit the Dolores Park page
assign_perm('change_page', self.edit_user_2, new_park)
# Now try and create the "New Park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, new_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/maps/' % self.API_ROOT, data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the permission and it should work
remove_perm('change_page', self.edit_user_2, new_park)
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, new_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.post('%s/maps/' % self.API_ROOT, data, format='json')
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
##################################################################################
# Let's also test to see that a general 'ban' of a user restricts map editing
##################################################################################
# First, ban from the region
banned, created = BannedFromRegion.objects.get_or_create(region=self.sf)
banned.users.add(self.edit_user)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
banned.users.remove(self.edit_user)
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
# Now, let's try a global ban using the banned group
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.edit_user.groups.add(banned)
# Now try and update the "dolores park" map as edit_user
geojson = """
{ "type": "GeometryCollection", "geometries": [
{
"type": "Polygon",
"coordinates": [
[
[
-122.42835760116576,
37.76128348360843
],
[
-122.42799282073973,
37.75812815505155
],
[
-122.42591142654419,
37.758297799795336
],
[
-122.42627620697021,
37.761402229904654
],
[
-122.42835760116576,
37.76128348360843
]
]
]
}]
}"""
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertIn(resp.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
# Now remove the ban and it should work
self.edit_user.groups.remove(banned)
data = {'page': 'http://testserver%s/pages/%s/' % (self.API_ROOT, self.dolores_park.id), 'geom': geojson, 'region': 'http://testserver%s/regions/%s/' % (self.API_ROOT, self.sf.id)}
resp = self.client.put('%s/maps/%s/' % (self.API_ROOT, self.dolores_park_map.id), data, format='json')
self.assertEqual(resp.status_code, status.HTTP_200_OK)
class TagTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test Region', slug='test_region')
self.region.save()
def test_bad_tags(self):
t = Tag(name='', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
t = Tag(name='!', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
t = Tag(name='/', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
t = Tag(name=' ', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
t = Tag(name='-', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
t = Tag(name='!@#$%^&*()', region=self.region)
self.failUnlessRaises(IntegrityError, t.save, t)
def test_slug(self):
t = Tag(name='Library of Congress', region=self.region)
t.save()
self.assertEqual(t.slug, 'libraryofcongress')
t = Tag(name='Сочи 2014', region=self.region)
t.save()
self.assertEqual(t.slug, 'сочи2014'.decode('utf-8'))
def test_fix_tags(self):
"""
Test the `fix_tags` utility function.
"""
from pages.models import Page
from tags.tag_utils import fix_tags
#########################
# Create some test regions
#########################
sf = Region(full_name="San Francisco Test", slug='sftest')
sf.save()
mission = Region(full_name="Mission", slug="mission")
mission.save()
#########################
# Create some test tags
#########################
park = Tag(name='park', region=sf)
park.save()
fun = Tag(name='fun', region=sf)
fun.save()
#########################
# Add the tags to a test page
#########################
page = Page(name="Duboce Park", content="<p>Park.</p>", region=sf)
page.save()
pts = PageTagSet(
page=page,
region=sf
)
pts.save()
pts.tags.add(park)
pts.tags.add(fun)
pts.save()
# Now do something odd and make one of the referenced `Tag`s point
# to a different region than the PageTagSet.
fun.region = mission
fun.save()
self.assertTrue(pts.tags.filter(region=mission).exists())
# Then attempt a fix:
fix_tags(sf, PageTagSet.objects.filter(id=pts.id))
pts = PageTagSet.objects.get(page=page, region=sf)
self.assertFalse(pts.tags.filter(region=mission).exists())
# Check that this is fixed in historical versions as well
for pts_h in pts.versions.all():
self.assertFalse(pts_h.tags.filter(region=mission).exists())
class PluginTest(TestCase):
def setUp(self):
self.region = Region(full_name='Test region', slug='test-region')
self.region.save()
self.context = {'region': self.region}
self.old_allowed_src = getattr(settings, 'EMBED_ALLOWED_SRC', ['.*'])
settings.EMBED_ALLOWED_SRC = [
'http://www.youtube.com/embed/.*',
'http://player.vimeo.com/video/.*'
]
def tearDown(self):
settings.EMBED_ALLOWED_SRC = self.old_allowed_src
def test_include_tag(self):
html = '<a class="plugin includepage" href="Front_Page">Front Page</a>'
template_text = html_to_template_text(html, context=self.context)
imports = ''.join(tag_imports)
self.assertEqual(
template_text, imports + ('<div class="included_page_wrapper">'
'{% include_page "Front_Page" %}'
'</div>'))
def test_include_plugin(self):
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="Explore">dummy</a>'
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html, '<div class="included_page_wrapper"><p>Some text</p></div>')
def test_include_plugin_utf8(self):
a = Page(name='Front Page', region=self.region)
a.content = (u'<a class="plugin includepage" '
u'href="青平台基金會">dummy</a>')
a.save()
b = Page(name=u'青平台基金會', region=self.region)
b.content = u'<p>青平台基金會</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html, u'<div class="included_page_wrapper">'
u'<p>青平台基金會</p></div>')
def test_include_showtitle(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage includepage_showtitle"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(html,
('<div class="included_page_wrapper">'
'<h2><a href="/test-region/Explore">Explore</a></h2>'
'<p>Some text</p>'
'</div>'))
def test_include_left(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage includepage_left"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html, '<div class="included_page_wrapper includepage_left">'
'<p>Some text</p></div>')
def test_include_width(self):
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage" style="width: 100px"'
' href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html, ('<div class="included_page_wrapper" style="width: 100px;">'
'<p>Some text</p></div>'))
def test_include_nonexistant(self):
""" Should give an error message when including nonexistant page
"""
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="New page">dummy</a>'
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.failUnless(('Unable to include <a href="/test-region/New_page"'
' class="missing_link">New page</a>') in html)
def test_endless_include(self):
""" Should detect endless loops and give an error message
"""
a = Page(name='Front Page', region=self.region)
a.content = '<a class="plugin includepage" href="Front_Page">dummy</a>'
a.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.failUnless(
('Unable to include <a href="/test-region/Front_Page">Front Page'
'</a>: endless include loop') in html)
def test_double_include(self):
""" Multiple includes are ok
"""
a = Page(name='Front Page', region=self.region)
a.content = ('<a class="plugin includepage" href="Explore">dummy</a>'
'<a class="plugin includepage" href="Explore">dummy</a>')
a.save()
b = Page(name='Explore', region=self.region)
b.content = '<p>Some text</p>'
b.save()
context = Context({'page': a, 'region': self.region})
template = Template(html_to_template_text(a.content, context))
html = template.render(context)
self.assertEqual(
html,
('<div class="included_page_wrapper"><p>Some text</p></div>'
'<div class="included_page_wrapper"><p>Some text</p></div>'))
def test_embed_tag(self):
html = ('<span class="plugin embed"><strong>Hello</strong>'
'</span>')
template_text = html_to_template_text(html)
imports = ''.join(tag_imports)
self.assertEqual(
template_text,
imports + ('{% embed_code %} <strong>Hello<'
'/strong> {% endembed_code %}'))
def test_embed_whitelist_reject(self):
html = ('<span class="plugin embed"><iframe src="http://evil.com"'
'></iframe></span>')
template = Template(html_to_template_text(html))
rendered = template.render(Context())
self.failUnless(('The embedded URL is not on the list of approved '
'providers') in rendered)
def test_embed_whitelist_accept(self):
html = ('<span class="plugin embed"><iframe '
'src="http://www.youtube.com/embed/JVRsWAjvQSg"'
'></iframe></span>')
template = Template(html_to_template_text(html))
rendered = template.render(Context())
self.failUnless(
'<iframe src="http://www.youtube.com/embed/JVRsWAjvQSg"></iframe>'
in rendered)
def test_amp_in_link_with_class(self):
page = Page(name='Explore', region=self.region)
html = ('<p><a class="external something" '
'href="http://example.org/?t=1&i=2">hi</a></p>')
template = Template(html_to_template_text(html))
rendered = template.render(
Context({
'page': page,
'region': self.region
}))
self.failUnless('http://example.org/?t=1&i=2' in rendered)
def test_link_nofollow(self):
# Regular
page = Page(name='Explore', region=self.region)
rf = RequestFactory()
request = rf.get('/')
content = ('<p><a href="http://example.org/">hi</a></p>')
template = Template("""
{% load pages_tags %}
{% render_plugins content %}
""")
rendered = template.render(
Context({
'region': self.region,
'request': request,
'content': content,
'page': page
}))
self.failUnless('http://example.org/' in rendered)
self.assertTrue('nofollow' not in rendered)
# Nofollow
page = Page(name='Explore', region=self.region)
rf = RequestFactory()
request = rf.get('/')
content = ('<p><a href="http://example.org/">hi</a></p>')
template = Template("""
{% load pages_tags %}
{% render_plugins_nofollow content %}
""")
rendered = template.render(
Context({
'region': self.region,
'request': request,
'content': content,
'page': page
}))
self.failUnless('http://example.org/' in rendered)
self.assertTrue('nofollow' in rendered)
