def test_delete_image_from_other_user(self):
""" if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
self.client.post(
reverse('gallery-image-delete',
kwargs={'pk_gallery': self.gallery1.pk}),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
class UserGalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user,
gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_can_write(self):
self.user_gallery.mode = 'W'
self.assertTrue(self.user_gallery.can_write())
self.assertFalse(self.user_gallery.can_read())
def test_can_read(self):
self.user_gallery.mode = 'R'
self.assertFalse(self.user_gallery.can_write())
self.assertTrue(self.user_gallery.can_read())
def test_get_images(self):
self.assertEqual(2, len(self.user_gallery.get_images()))
self.assertEqual(self.image1, self.user_gallery.get_images()[0])
self.assertEqual(self.image2, self.user_gallery.get_images()[1])
class ImageTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
def tearDown(self):
self.image.delete()
self.gallery.delete()
def test_unicode(self):
self.assertEqual(self.image.slug, self.image.__unicode__())
def test_get_absolute_url(self):
absolute_url = u'{0}/{1}'.format(settings.MEDIA_URL, self.image.physical)
self.assertEqual(absolute_url, self.image.get_absolute_url())
def test_get_extension(self):
self.assertEqual('jpg', self.image.get_extension())
def test_save_image(self):
test_image = ImageFactory(gallery=self.gallery)
self.assertTrue(os.path.isfile(test_image.physical.path))
test_image.delete()
self.assertFalse(os.path.isfile(test_image.physical.path))
def test_save_and_delete_image(self):
test_image = ImageFactory(gallery=self.gallery)
image_path = test_image.physical.path
self.assertTrue(os.path.isfile(image_path))
test_image.delete()
self.assertFalse(os.path.isfile(image_path))
class UserGalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_can_write(self):
self.user_gallery.mode = 'W'
self.assertTrue(self.user_gallery.can_write())
self.assertFalse(self.user_gallery.can_read())
def test_can_read(self):
self.user_gallery.mode = 'R'
self.assertFalse(self.user_gallery.can_write())
self.assertTrue(self.user_gallery.can_read())
def test_get_images(self):
self.assertEqual(2, len(self.user_gallery.get_images()))
self.assertEqual(self.image1, self.user_gallery.get_images()[0])
self.assertEqual(self.image2, self.user_gallery.get_images()[1])
class ImageTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
def tearDown(self):
self.image.delete()
self.gallery.delete()
def test_get_absolute_url(self):
absolute_url = '{0}/{1}'.format(settings.MEDIA_URL, self.image.physical).replace('//', '/')
self.assertEqual(absolute_url, self.image.get_absolute_url())
def test_get_extension(self):
self.assertEqual('jpg', self.image.get_extension())
def test_save_and_delete_image(self):
test_image = ImageFactory(gallery=self.gallery)
image_path = test_image.physical.path
self.assertTrue(os.path.isfile(image_path))
test_image.delete()
self.assertFalse(os.path.isfile(image_path))
class ImageTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
def tearDown(self):
self.image.delete()
self.gallery.delete()
def test_get_absolute_url(self):
absolute_url = '{0}/{1}'.format(settings.MEDIA_URL,
self.image.physical).replace(
'//', '/')
self.assertEqual(absolute_url, self.image.get_absolute_url())
def test_get_extension(self):
self.assertEqual('jpg', self.image.get_extension())
def test_save_and_delete_image(self):
test_image = ImageFactory(gallery=self.gallery)
image_path = test_image.physical.path
self.assertTrue(os.path.isfile(image_path))
test_image.delete()
self.assertFalse(os.path.isfile(image_path))
def test_save_and_delete_image(self):
test_image = ImageFactory(gallery=self.gallery)
image_path = test_image.physical.path
self.assertTrue(os.path.isfile(image_path))
test_image.delete()
self.assertFalse(os.path.isfile(image_path))
class GalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_unicode(self):
self.assertEqual(self.gallery.title, self.gallery.__unicode__())
def test_get_absolute_url(self):
absolute_url = reverse('zds.gallery.views.gallery_details',
args=[self.gallery.pk, self.gallery.slug])
self.assertEqual(absolute_url, self.gallery.get_absolute_url())
def test_get_users(self):
self.assertEqual(1, len(self.gallery.get_users()))
self.assertEqual(self.user_gallery, self.gallery.get_users()[0])
def test_get_images(self):
self.assertEqual(2, len(self.gallery.get_images()))
self.assertEqual(self.image1, self.gallery.get_images()[0])
self.assertEqual(self.image2, self.gallery.get_images()[1])
def test_get_last_image(self):
self.assertEqual(self.image2, self.gallery.get_last_image())
class GalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user,
gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_unicode(self):
self.assertEqual(self.gallery.title, self.gallery.__unicode__())
def test_get_absolute_url(self):
absolute_url = reverse('gallery-details',
args=[self.gallery.pk, self.gallery.slug])
self.assertEqual(absolute_url, self.gallery.get_absolute_url())
def test_get_linked_users(self):
self.assertEqual(1, len(self.gallery.get_linked_users()))
self.assertEqual(self.user_gallery, self.gallery.get_linked_users()[0])
def test_get_images(self):
self.assertEqual(2, len(self.gallery.get_images()))
self.assertEqual(self.image1, self.gallery.get_images()[0])
self.assertEqual(self.image2, self.gallery.get_images()[1])
def test_get_last_image(self):
self.assertEqual(self.image2, self.gallery.get_last_image())
def test_delete_empty_gallery(self):
test_gallery = GalleryFactory()
path = test_gallery.get_gallery_path()
test_gallery.delete()
self.assertFalse(os.path.isdir(path))
def test_delete_gallery_with_image(self):
test_gallery = GalleryFactory()
test_image = ImageFactory(gallery=test_gallery)
path_gallery = test_gallery.get_gallery_path()
self.assertTrue(os.path.isdir(path_gallery))
path_image = test_image.physical.path
self.assertTrue(os.path.isfile(path_image))
# Destroy the gallery and the image
test_gallery.delete()
self.assertFalse(os.path.isdir(path_gallery))
self.assertFalse(os.path.isfile(path_image))
class GalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_get_absolute_url(self):
absolute_url = reverse('gallery-details',
args=[self.gallery.pk, self.gallery.slug])
self.assertEqual(absolute_url, self.gallery.get_absolute_url())
def test_get_linked_users(self):
self.assertEqual(1, len(self.gallery.get_linked_users()))
self.assertEqual(self.user_gallery, self.gallery.get_linked_users()[0])
def test_get_images(self):
self.assertEqual(2, len(self.gallery.get_images()))
self.assertEqual(self.image1, self.gallery.get_images()[0])
self.assertEqual(self.image2, self.gallery.get_images()[1])
def test_get_last_image(self):
self.assertEqual(self.image2, self.gallery.get_last_image())
def test_delete_empty_gallery(self):
test_gallery = GalleryFactory()
path = test_gallery.get_gallery_path()
test_gallery.delete()
self.assertFalse(os.path.isdir(path))
def test_delete_gallery_with_image(self):
test_gallery = GalleryFactory()
test_image = ImageFactory(gallery=test_gallery)
path_gallery = test_gallery.get_gallery_path()
self.assertTrue(os.path.isdir(path_gallery))
path_image = test_image.physical.path
self.assertTrue(os.path.isfile(path_image))
# Destroy the gallery and the image
test_gallery.delete()
self.assertFalse(os.path.isdir(path_gallery))
self.assertFalse(os.path.isfile(path_image))
class UserGalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user,
gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_unicode(self):
result = u'Galerie "{0}" envoye par {1}'.format(
self.gallery, self.profile.user)
self.assertEqual(result, self.user_gallery.__unicode__())
def test_is_write(self):
self.user_gallery.mode = 'W'
self.assertTrue(self.user_gallery.is_write())
self.assertFalse(self.user_gallery.is_read())
def test_is_read(self):
self.user_gallery.mode = 'R'
self.assertFalse(self.user_gallery.is_write())
self.assertTrue(self.user_gallery.is_read())
def test_get_images(self):
self.assertEqual(2, len(self.user_gallery.get_images()))
self.assertEqual(self.image1, self.user_gallery.get_images()[0])
self.assertEqual(self.image2, self.user_gallery.get_images()[1])
def test_get_gallery(self):
gallery_results = self.user_gallery.get_gallery(self.profile.user)
self.assertEqual(1, len(gallery_results))
self.assertEqual(self.gallery, gallery_results[0])
class UserGalleryTest(TestCase):
def setUp(self):
self.profile = ProfileFactory()
self.gallery = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery)
self.image2 = ImageFactory(gallery=self.gallery)
self.user_gallery = UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.user_gallery.delete()
self.gallery.delete()
def test_unicode(self):
result = u'Galerie "{0}" envoye par {1}'.format(self.gallery, self.profile.user)
self.assertEqual(result, self.user_gallery.__unicode__())
def test_is_write(self):
self.user_gallery.mode = 'W'
self.assertTrue(self.user_gallery.is_write())
self.assertFalse(self.user_gallery.is_read())
def test_is_read(self):
self.user_gallery.mode = 'R'
self.assertFalse(self.user_gallery.is_write())
self.assertTrue(self.user_gallery.is_read())
def test_get_images(self):
self.assertEqual(2, len(self.user_gallery.get_images()))
self.assertEqual(self.image1, self.user_gallery.get_images()[0])
self.assertEqual(self.image2, self.user_gallery.get_images()[1])
def test_get_gallery(self):
gallery_results = self.user_gallery.get_gallery(self.profile.user)
self.assertEqual(1, len(gallery_results))
self.assertEqual(self.gallery, gallery_results[0])
def test_delete_image_from_other_user(self):
"""if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
self.client.force_login(self.profile1.user)
self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
"delete": "",
"image": image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
def test_delete_image_from_other_user(self):
""" if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
class ImageTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
def tearDown(self):
self.image.delete()
self.gallery.delete()
def test_get_absolute_url(self):
absolute_url = f"{settings.MEDIA_URL}/{self.image.physical}".replace("//", "/")
self.assertEqual(absolute_url, self.image.get_absolute_url())
def test_get_extension(self):
self.assertEqual("jpg", self.image.get_extension())
def test_save_and_delete_image(self):
test_image = ImageFactory(gallery=self.gallery)
image_path = test_image.physical.path
self.assertTrue(os.path.isfile(image_path))
test_image.delete()
self.assertFalse(os.path.isfile(image_path))
class EditImageViewTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode='W')
self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode='R')
def tearDown(self):
self.image.delete()
def test_denies_anonymous(self):
response = self.client.get(
reverse(
'zds.gallery.views.edit_image',
args=[15, 156]
),
follow=True
)
self.assertRedirects(response,
reverse('zds.member.views.login_view')
+ '?next=' + urllib.quote(reverse('zds.gallery.views.edit_image', args=[15, 156]), ''))
def test_fail_member_no_permission_can_edit_image(self):
login_check = self.client.login(username=self.profile3.user.username, password='******')
self.assertTrue(login_check)
with open(os.path.join(settings.SITE_ROOT, 'fixtures', 'logo.png'), 'r') as fp:
self.client.post(
reverse(
'zds.gallery.views.edit_image',
args=[self.gallery.pk, self.image.pk]
),
{
'title': 'modify with no perms',
'legend': 'test legend',
'slug': 'test-slug',
'physical': fp
},
follow=True
)
image_test = Image.objects.get(pk=self.image.pk)
self.assertNotEqual('modify with no perms', image_test.title)
image_test.delete()
def test_success_member_edit_image(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
with open(os.path.join(settings.SITE_ROOT, 'fixtures', 'logo.png'), 'r') as fp:
response = self.client.post(
reverse(
'zds.gallery.views.edit_image',
args=[self.gallery.pk, self.image.pk]
),
{
'title': 'edit title',
'legend': 'dit legend',
'slug': 'edit-slug',
'physical': fp
},
follow=True
)
self.assertEqual(200, response.status_code)
image_test = Image.objects.get(pk=self.image.pk)
self.assertEqual('edit title', image_test.title)
image_test.delete()
def test_access_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.get(reverse(
'zds.gallery.views.edit_image',
args=[self.gallery.pk, self.image.pk]
))
self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R')
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_delete_multi_read_permission(self):
""" when user wants to delete a list of galleries just with a read permission """
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'delete_multi': '',
'items': [self.gallery1.pk]
},
follow=True
)
self.assertEqual(403, response.status_code)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_multi_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'delete_multi': '',
'items': [self.gallery1.pk, self.gallery2.pk]
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Gallery.objects.all().count())
self.assertEqual(0, UserGallery.objects.all().count())
self.assertEqual(0, Image.objects.all().count())
def test_fail_add_user_with_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
# gallery nonexistent
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': 89,
}
)
self.assertEqual(404, response.status_code)
# try to add an user with write permission
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'W',
}
)
self.assertEqual(403, response.status_code)
def test_fail_add_user_already_has_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
# Same permission : read
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# try to add write permission to an user
# who has already an read permission
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_read_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_gallery'),
{
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
class ModifyImageTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery1,
mode='R')
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_denies_anonymous(self):
response = self.client.get(reverse('gallery-image-delete'),
follow=True)
self.assertRedirects(
response,
reverse('member-login') + '?next=' +
urllib.quote(reverse('gallery-image-delete'), ''))
def test_fail_modify_image_with_no_permission(self):
login_check = self.client.login(username=self.profile3.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-image-delete'),
{
'gallery': self.gallery1.pk,
},
follow=True,
)
self.assertTrue(403, response.status_code)
def test_delete_image_from_other_user(self):
""" if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
self.client.post(
reverse('gallery-image-delete'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
def test_success_delete_image_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-image-delete'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': self.image1.pk
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
def test_success_delete_list_images_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-image-delete'),
{
'gallery': self.gallery1.pk,
'delete_multi': '',
'items': [self.image1.pk, self.image2.pk]
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count())
def test_fail_delete_image_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-image-delete'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': self.image1.pk
},
follow=True,
)
self.assertEqual(403, response.status_code)
self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class EditImageViewTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery,
mode='W')
self.user_gallery2 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery,
mode='R')
def tearDown(self):
self.image.delete()
def test_denies_anonymous(self):
response = self.client.get(reverse('gallery-image-edit',
args=[15, 156]),
follow=True)
self.assertRedirects(
response,
reverse('member-login') + '?next=' +
urllib.quote(reverse('gallery-image-edit', args=[15, 156]), ''))
def test_fail_member_no_permission_can_edit_image(self):
login_check = self.client.login(username=self.profile3.user.username,
password='******')
self.assertTrue(login_check)
with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'),
'r') as fp:
self.client.post(reverse('gallery-image-edit',
args=[self.gallery.pk, self.image.pk]), {
'title': 'modify with no perms',
'legend': 'test legend',
'slug': 'test-slug',
'physical': fp
},
follow=True)
image_test = Image.objects.get(pk=self.image.pk)
self.assertNotEqual('modify with no perms', image_test.title)
image_test.delete()
def test_success_member_edit_image(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
nb_files = len(os.listdir(self.gallery.get_gallery_path()))
with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'),
'r') as fp:
response = self.client.post(reverse(
'gallery-image-edit', args=[self.gallery.pk, self.image.pk]), {
'title': 'edit title',
'legend': 'dit legend',
'slug': 'edit-slug',
'physical': fp
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(nb_files + 3,
len(os.listdir(self.gallery.get_gallery_path())))
image_test = Image.objects.get(pk=self.image.pk)
self.assertEqual('edit title', image_test.title)
image_test.delete()
# picture AND thumbnail should be gone
self.assertEqual(nb_files,
len(os.listdir(self.gallery.get_gallery_path())))
def test_access_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.get(
reverse('gallery-image-edit',
args=[self.gallery.pk, self.image.pk]))
self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery1,
mode='R')
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_delete_multi_read_permission(self):
""" when user wants to delete a list of galleries just with a read permission """
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse('gallery-modify'), {
'delete_multi': '',
'items': [self.gallery1.pk]
},
follow=True)
self.assertEqual(403, response.status_code)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_multi_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(3, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('gallery-modify'), {
'delete_multi': '',
'items': [self.gallery1.pk, self.gallery2.pk]
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Gallery.objects.all().count())
self.assertEqual(0, UserGallery.objects.all().count())
self.assertEqual(0, Image.objects.all().count())
def test_fail_add_user_with_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
# gallery nonexistent
response = self.client.post(reverse('gallery-modify'), {
'adduser': '',
'gallery': 89,
})
self.assertEqual(404, response.status_code)
# try to add an user with write permission
response = self.client.post(
reverse('gallery-modify'), {
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'W',
})
self.assertEqual(403, response.status_code)
def test_fail_add_user_already_has_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
# Same permission : read
response = self.client.post(reverse('gallery-modify'), {
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# try to add write permission to an user
# who has already an read permission
response = self.client.post(reverse('gallery-modify'), {
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_read_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-modify'), {
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-modify'), {
'adduser': '',
'gallery': self.gallery1.pk,
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
class EditImageViewTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery,
mode="W")
self.user_gallery2 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery,
mode="R")
def tearDown(self):
self.image.delete()
def test_fail_member_no_permission_can_edit_image(self):
login_check = self.client.login(username=self.profile3.user.username,
password="******")
self.assertTrue(login_check)
with (settings.BASE_DIR / "fixtures" / "logo.png").open("rb") as fp:
self.client.post(
reverse("gallery-image-edit",
args=[self.gallery.pk, self.image.pk]),
{
"title": "modify with no perms",
"legend": "test legend",
"slug": "test-slug",
"physical": fp
},
follow=True,
)
image_test = Image.objects.get(pk=self.image.pk)
self.assertNotEqual("modify with no perms", image_test.title)
image_test.delete()
def test_success_member_edit_image(self):
login_check = self.client.login(username=self.profile1.user.username,
password="******")
self.assertTrue(login_check)
nb_files = len(os.listdir(self.gallery.get_gallery_path()))
with (settings.BASE_DIR / "fixtures" / "logo.png").open("rb") as fp:
response = self.client.post(
reverse("gallery-image-edit",
args=[self.gallery.pk, self.image.pk]),
{
"title": "edit title",
"legend": "dit legend",
"slug": "edit-slug",
"physical": fp
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(nb_files + 3,
len(os.listdir(self.gallery.get_gallery_path())))
image_test = Image.objects.get(pk=self.image.pk)
self.assertEqual("edit title", image_test.title)
image_test.delete()
# picture AND thumbnail should be gone
self.assertEqual(nb_files,
len(os.listdir(self.gallery.get_gallery_path())))
def test_access_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password="******")
self.assertTrue(login_check)
response = self.client.get(
reverse("gallery-image-edit",
args=[self.gallery.pk, self.image.pk]))
self.assertEqual(200, response.status_code)
class ModifyImageTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery1,
mode="R")
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_modify_image_with_no_permission(self):
login_check = self.client.login(username=self.profile3.user.username,
password="******")
self.assertTrue(login_check)
response = self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
},
follow=True,
)
self.assertTrue(403, response.status_code)
def test_delete_image_from_other_user(self):
""" if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
login_check = self.client.login(username=self.profile1.user.username,
password="******")
self.assertTrue(login_check)
self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
"delete": "",
"image": image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
def test_success_delete_image_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password="******")
self.assertTrue(login_check)
response = self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
"delete": "",
"image": self.image1.pk
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
def test_success_delete_list_images_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password="******")
self.assertTrue(login_check)
response = self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
"delete_multi": "",
"g_items": [self.image1.pk, self.image2.pk]
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count())
def test_fail_delete_image_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username,
password="******")
self.assertTrue(login_check)
response = self.client.post(
reverse("gallery-image-delete",
kwargs={"pk_gallery": self.gallery1.pk}),
{
"gallery": self.gallery1.pk,
"delete": "",
"image": self.image1.pk
},
follow=True,
)
self.assertEqual(403, response.status_code)
self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class EditImageViewTest(TestCase):
def setUp(self):
self.gallery = GalleryFactory()
self.image = ImageFactory(gallery=self.gallery)
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery, mode='W')
self.user_gallery2 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery, mode='R')
def tearDown(self):
self.image.delete()
def test_fail_member_no_permission_can_edit_image(self):
login_check = self.client.login(username=self.profile3.user.username, password='******')
self.assertTrue(login_check)
with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'rb') as fp:
self.client.post(
reverse(
'gallery-image-edit',
args=[self.gallery.pk, self.image.pk]
),
{
'title': 'modify with no perms',
'legend': 'test legend',
'slug': 'test-slug',
'physical': fp
},
follow=True
)
image_test = Image.objects.get(pk=self.image.pk)
self.assertNotEqual('modify with no perms', image_test.title)
image_test.delete()
def test_success_member_edit_image(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
nb_files = len(os.listdir(self.gallery.get_gallery_path()))
with open(os.path.join(settings.BASE_DIR, 'fixtures', 'logo.png'), 'rb') as fp:
response = self.client.post(
reverse(
'gallery-image-edit',
args=[self.gallery.pk, self.image.pk]
),
{
'title': 'edit title',
'legend': 'dit legend',
'slug': 'edit-slug',
'physical': fp
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(nb_files + 3, len(os.listdir(self.gallery.get_gallery_path())))
image_test = Image.objects.get(pk=self.image.pk)
self.assertEqual('edit title', image_test.title)
image_test.delete()
# picture AND thumbnail should be gone
self.assertEqual(nb_files, len(os.listdir(self.gallery.get_gallery_path())))
def test_access_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.get(reverse(
'gallery-image-edit',
args=[self.gallery.pk, self.image.pk]
))
self.assertEqual(200, response.status_code)
class ModifyGalleryViewTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R')
default_gallery_u1 = GalleryFactory(title='default', slug='default', subtitle='bla')
UserGalleryFactory(user=self.profile1.user, gallery=default_gallery_u1, is_default=True)
default_gallery_u2 = GalleryFactory(title='default', slug='default', subtitle='bla')
UserGalleryFactory(user=self.profile2.user, gallery=default_gallery_u2, is_default=True)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_delete_multi_read_permission(self):
""" when user wants to delete a list of galleries just with a read permission """
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('galleries-delete'),
{
'delete_multi': '',
'g_items': [self.gallery1.pk]
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_multi_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('galleries-delete'),
{
'delete_multi': '',
'g_items': [self.gallery1.pk, self.gallery2.pk]
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(2, UserGallery.objects.all().count())
self.assertEqual(0, Image.objects.all().count())
def test_fail_delete_read_permission(self):
""" when user wants to delete a gallery just with a read permission """
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('galleries-delete'),
{
'delete': '',
'gallery': self.gallery1.pk
},
follow=True
)
self.assertEqual(403, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('galleries-delete'),
{
'delete': '',
'gallery': self.gallery1.pk
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Gallery.objects.filter(pk=self.gallery1.pk).count())
self.assertEqual(0, UserGallery.objects.filter(gallery=self.gallery1).count())
self.assertEqual(0, Image.objects.filter(gallery=self.gallery1).count())
def test_fail_add_user_with_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
# gallery nonexistent
response = self.client.post(
reverse('gallery-members', kwargs={'pk': 99999}),
{
'action': 'add',
}
)
self.assertEqual(404, response.status_code)
# try to add a user with write permission
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile2.user.username,
'mode': 'W',
}
)
self.assertEqual(403, response.status_code)
def test_fail_add_user_already_has_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
# Same permission : read
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile2.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# try to add write permission to a user
# who has already an read permission
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_read_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
def test_success_modify_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_fail_user_modify_self(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile1.user.username,
'mode': 'R',
},
follow=True
)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile1.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
def test_success_user_leave_gallery(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# kick the other
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile2.user.username,
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_error_last_user_with_write_leave_gallery(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
user_gallery = UserGallery.objects.filter(gallery=self.gallery1, user=self.profile1.user)
self.assertEqual(user_gallery.count(), 1)
# try to quit
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile1.user.username,
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_gallery.count(), 1) # not gone
def test_success_user_with_read_permission_leave_gallery(self):
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# leave
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile2.user.username,
},
follow=True
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_fail_user_modify_user_has_permission(self):
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# set W
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True
)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user, gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# kick other
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile1.user.username,
},
follow=True
)
self.assertEqual(403, response.status_code)
self.assertEqual(user_galleries.count(), 2)
class ModifyImageTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user, gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user, gallery=self.gallery1, mode='R')
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_denies_anonymous(self):
response = self.client.get(reverse('zds.gallery.views.modify_image'), follow=True)
self.assertRedirects(response,
reverse('zds.member.views.login_view')
+ '?next=' + urllib.quote(reverse('zds.gallery.views.modify_image'), ''))
def test_fail_modify_image_with_no_permission(self):
login_check = self.client.login(username=self.profile3.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
},
follow=True,
)
self.assertTrue(403, response.status_code)
def test_delete_image_from_other_user(self):
""" if user try to remove images from another user without permission"""
profile4 = ProfileFactory()
gallery4 = GalleryFactory()
image4 = ImageFactory(gallery=gallery4)
UserGalleryFactory(user=profile4.user, gallery=gallery4)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': image4.pk
},
follow=True,
)
self.assertEqual(1, Image.objects.filter(pk=image4.pk).count())
image4.delete()
def test_success_delete_image_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': self.image1.pk
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
def test_success_delete_list_images_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
'delete_multi': '',
'items': [self.image1.pk, self.image2.pk]
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(0, Image.objects.filter(pk=self.image1.pk).count())
self.assertEqual(0, Image.objects.filter(pk=self.image2.pk).count())
def test_fail_delete_image_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username, password='******')
self.assertTrue(login_check)
response = self.client.post(
reverse('zds.gallery.views.modify_image'),
{
'gallery': self.gallery1.pk,
'delete': '',
'image': self.image1.pk
},
follow=True,
)
self.assertEqual(403, response.status_code)
self.assertEqual(1, Image.objects.filter(pk=self.image1.pk).count())
class ModifyGalleryViewTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery1,
mode='R')
default_gallery_u1 = GalleryFactory(title='default',
slug='default',
subtitle='bla')
UserGalleryFactory(user=self.profile1.user,
gallery=default_gallery_u1,
is_default=True)
default_gallery_u2 = GalleryFactory(title='default',
slug='default',
subtitle='bla')
UserGalleryFactory(user=self.profile2.user,
gallery=default_gallery_u2,
is_default=True)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_delete_multi_read_permission(self):
""" when user wants to delete a list of galleries just with a read permission """
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse('galleries-delete'), {
'delete_multi': '',
'g_items': [self.gallery1.pk]
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_multi_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse('galleries-delete'), {
'delete_multi': '',
'g_items': [self.gallery1.pk, self.gallery2.pk]
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(2, UserGallery.objects.all().count())
self.assertEqual(0, Image.objects.all().count())
def test_fail_delete_read_permission(self):
""" when user wants to delete a gallery just with a read permission """
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse('galleries-delete'), {
'delete': '',
'gallery': self.gallery1.pk
},
follow=True)
self.assertEqual(403, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse('galleries-delete'), {
'delete': '',
'gallery': self.gallery1.pk
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(0,
Gallery.objects.filter(pk=self.gallery1.pk).count())
self.assertEqual(
0,
UserGallery.objects.filter(gallery=self.gallery1).count())
self.assertEqual(0,
Image.objects.filter(gallery=self.gallery1).count())
def test_fail_add_user_with_read_permission(self):
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
# gallery nonexistent
response = self.client.post(
reverse('gallery-members', kwargs={'pk': 99999}), {
'action': 'add',
})
self.assertEqual(404, response.status_code)
# try to add a user with write permission
response = self.client.post(
reverse('gallery-members', kwargs={'pk': self.gallery1.pk}), {
'action': 'add',
'user': self.profile2.user.username,
'mode': 'W',
})
self.assertEqual(403, response.status_code)
def test_fail_add_user_already_has_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
# Same permission : read
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile2.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# try to add write permission to a user
# who has already an read permission
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_read_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_success_add_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
def test_success_modify_user_write_permission(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'add',
'user': self.profile3.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile3.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
def test_fail_user_modify_self(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile1.user.username,
'mode': 'R',
},
follow=True)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile1.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('W', permissions[0].mode)
def test_success_user_leave_gallery(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# kick the other
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile2.user.username,
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_error_last_user_with_write_leave_gallery(self):
login_check = self.client.login(username=self.profile1.user.username,
password='******')
self.assertTrue(login_check)
user_gallery = UserGallery.objects.filter(gallery=self.gallery1,
user=self.profile1.user)
self.assertEqual(user_gallery.count(), 1)
# try to quit
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile1.user.username,
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(user_gallery.count(), 1) # not gone
def test_success_user_with_read_permission_leave_gallery(self):
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# leave
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile2.user.username,
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_fail_user_modify_user_has_permission(self):
login_check = self.client.login(username=self.profile2.user.username,
password='******')
self.assertTrue(login_check)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# set W
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'edit',
'user': self.profile2.user.username,
'mode': 'W',
},
follow=True)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual('R', permissions[0].mode)
# kick other
response = self.client.post(reverse('gallery-members',
kwargs={'pk': self.gallery1.pk}),
{
'action': 'leave',
'user': self.profile1.user.username,
},
follow=True)
self.assertEqual(403, response.status_code)
self.assertEqual(user_galleries.count(), 2)
class ModifyGalleryViewTest(TestCase):
def setUp(self):
self.profile1 = ProfileFactory()
self.profile2 = ProfileFactory()
self.profile3 = ProfileFactory()
self.gallery1 = GalleryFactory()
self.gallery2 = GalleryFactory()
self.image1 = ImageFactory(gallery=self.gallery1)
self.image2 = ImageFactory(gallery=self.gallery1)
self.image3 = ImageFactory(gallery=self.gallery2)
self.user_gallery1 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery1)
self.user_gallery2 = UserGalleryFactory(user=self.profile1.user,
gallery=self.gallery2)
self.user_gallery3 = UserGalleryFactory(user=self.profile2.user,
gallery=self.gallery1,
mode="R")
default_gallery_u1 = GalleryFactory(title="default",
slug="default",
subtitle="bla")
UserGalleryFactory(user=self.profile1.user,
gallery=default_gallery_u1,
is_default=True)
default_gallery_u2 = GalleryFactory(title="default",
slug="default",
subtitle="bla")
UserGalleryFactory(user=self.profile2.user,
gallery=default_gallery_u2,
is_default=True)
def tearDown(self):
self.image1.delete()
self.image2.delete()
self.image3.delete()
def test_fail_delete_multi_read_permission(self):
"""when user wants to delete a list of galleries just with a read permission"""
self.client.force_login(self.profile2.user)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse("galleries-delete"), {
"delete_multi": "",
"g_items": [self.gallery1.pk]
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_multi_write_permission(self):
self.client.force_login(self.profile1.user)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(
reverse("galleries-delete"),
{
"delete_multi": "",
"g_items": [self.gallery1.pk, self.gallery2.pk]
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(2, Gallery.objects.all().count())
self.assertEqual(2, UserGallery.objects.all().count())
self.assertEqual(0, Image.objects.all().count())
def test_fail_delete_read_permission(self):
"""when user wants to delete a gallery just with a read permission"""
self.client.force_login(self.profile2.user)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse("galleries-delete"), {
"delete": "",
"gallery": self.gallery1.pk
},
follow=True)
self.assertEqual(403, response.status_code)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
def test_success_delete_write_permission(self):
self.client.force_login(self.profile1.user)
self.assertEqual(4, Gallery.objects.all().count())
self.assertEqual(5, UserGallery.objects.all().count())
self.assertEqual(3, Image.objects.all().count())
response = self.client.post(reverse("galleries-delete"), {
"delete": "",
"gallery": self.gallery1.pk
},
follow=True)
self.assertEqual(200, response.status_code)
self.assertEqual(0,
Gallery.objects.filter(pk=self.gallery1.pk).count())
self.assertEqual(
0,
UserGallery.objects.filter(gallery=self.gallery1).count())
self.assertEqual(0,
Image.objects.filter(gallery=self.gallery1).count())
def test_fail_add_user_with_read_permission(self):
self.client.force_login(self.profile2.user)
# gallery nonexistent
response = self.client.post(
reverse("gallery-members", kwargs={"pk": 99999}),
{
"action": "add",
},
)
self.assertEqual(404, response.status_code)
# try to add a user with write permission
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile2.user.username,
"mode": "W",
},
)
self.assertEqual(403, response.status_code)
def test_fail_add_user_already_has_permission(self):
self.client.force_login(self.profile1.user)
# Same permission : read
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile2.user.username,
"mode": "R",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("R", permissions[0].mode)
# try to add write permission to a user
# who has already an read permission
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile2.user.username,
"mode": "W",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("R", permissions[0].mode)
def test_success_add_user_read_permission(self):
self.client.force_login(self.profile1.user)
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile3.user.username,
"mode": "R",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("R", permissions[0].mode)
def test_success_add_user_write_permission(self):
self.client.force_login(self.profile1.user)
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile3.user.username,
"mode": "W",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("W", permissions[0].mode)
def test_success_modify_user_write_permission(self):
self.client.force_login(self.profile1.user)
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "add",
"user": self.profile3.user.username,
"mode": "W",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("W", permissions[0].mode)
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "edit",
"user": self.profile3.user.username,
"mode": "R",
},
follow=True,
)
self.assertEqual(200, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile3.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("R", permissions[0].mode)
def test_fail_user_modify_self(self):
self.client.force_login(self.profile1.user)
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "edit",
"user": self.profile1.user.username,
"mode": "R",
},
follow=True,
)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile1.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("W", permissions[0].mode)
def test_success_user_leave_gallery(self):
self.client.force_login(self.profile1.user)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# kick the other
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "leave",
"user": self.profile2.user.username,
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_error_last_user_with_write_leave_gallery(self):
self.client.force_login(self.profile1.user)
user_gallery = UserGallery.objects.filter(gallery=self.gallery1,
user=self.profile1.user)
self.assertEqual(user_gallery.count(), 1)
# try to quit
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "leave",
"user": self.profile1.user.username,
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_gallery.count(), 1) # not gone
def test_success_user_with_read_permission_leave_gallery(self):
self.client.force_login(self.profile2.user)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# leave
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "leave",
"user": self.profile2.user.username,
},
follow=True,
)
self.assertEqual(200, response.status_code)
self.assertEqual(user_galleries.count(), 1)
self.assertEqual(user_galleries.last().user, self.profile1.user)
def test_fail_user_modify_user_has_permission(self):
self.client.force_login(self.profile2.user)
user_galleries = UserGallery.objects.filter(gallery=self.gallery1)
self.assertEqual(user_galleries.count(), 2)
# set W
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "edit",
"user": self.profile2.user.username,
"mode": "W",
},
follow=True,
)
self.assertEqual(403, response.status_code)
permissions = UserGallery.objects.filter(user=self.profile2.user,
gallery=self.gallery1)
self.assertEqual(1, len(permissions))
self.assertEqual("R", permissions[0].mode)
# kick other
response = self.client.post(
reverse("gallery-members", kwargs={"pk": self.gallery1.pk}),
{
"action": "leave",
"user": self.profile1.user.username,
},
follow=True,
)
self.assertEqual(403, response.status_code)
self.assertEqual(user_galleries.count(), 2)
