def test_delete_post_belongs_to_thread_and_forum(self): # Delete post action - post belongs to thread and thread # belongs to forum. f = ForumFactory() t = ThreadFactory(forum=f) # Post belongs to a different forum and thread. p = PostFactory() u = p.author # Give the user the permission to delete posts. g = GroupFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory(codename='forums_forum.post_delete_forum', content_type=ct, object_id=p.thread.forum_id, group=g) PermissionFactory(codename='forums_forum.post_delete_forum', content_type=ct, object_id=f.id, group=g) g.user_set.add(u) self.client.login(username=u.username, password='******') # Post isn't in the passed forum: r = get(self.client, 'forums.delete_post', args=[f.slug, p.thread.id, p.id]) eq_(404, r.status_code) # Post isn't in the passed thread: r = get(self.client, 'forums.delete_post', args=[p.thread.forum.slug, t.id, p.id]) eq_(404, r.status_code)
def setUp(self): url = reverse('forums.threads', args=[u'test-forum']) self.context = {'request': RequestFactory().get(url)} self.group = GroupFactory() # Set up forum_1 f = self.forum_1 = ForumFactory() ct = ContentType.objects.get_for_model(self.forum_1) permission_names = [ 'forums_forum.thread_edit_forum', 'forums_forum.post_edit_forum', 'forums_forum.post_delete_forum', 'forums_forum.thread_delete_forum', 'forums_forum.thread_sticky_forum', 'forums_forum.thread_move_forum', ] for name in permission_names: PermissionFactory(codename=name, content_type=ct, object_id=f.id, group=self.group) # Set up forum_2 f = self.forum_2 = ForumFactory() PermissionFactory(codename='forums_forum.thread_move_forum', content_type=ct, object_id=f.id, group=self.group)
def test_move_thread(self): """Move a thread.""" t = ThreadFactory() f = ForumFactory() u = UserFactory() g = GroupFactory() # Give the user permission to move threads between the two forums. ct = ContentType.objects.get_for_model(f) PermissionFactory(codename="forums_forum.thread_move_forum", content_type=ct, object_id=f.id, group=g) PermissionFactory( codename="forums_forum.thread_move_forum", content_type=ct, object_id=t.forum.id, group=g, ) g.user_set.add(u) self.client.login(username=u.username, password="******") response = post(self.client, "forums.move_thread", {"forum": f.id}, args=[t.forum.slug, t.id]) eq_(200, response.status_code) t = Thread.objects.get(pk=t.pk) eq_(f.id, t.forum.id)
def test_access_restriction(self): """Assert Forums are inaccessible to the public when restricted.""" # If the a forum has 'forums_forum.view_in_forum' permission defined, # then it isn't public by default. If it has # 'forums_forum.post_in_forum', then it isn't postable to by default. f = ForumFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory(codename='forums_forum.view_in_forum', content_type=ct, object_id=f.id) PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id) unprivileged_user = UserFactory() assert not f.allows_viewing_by(unprivileged_user) assert not f.allows_posting_by(unprivileged_user)
def test_edit_post_moderator(self): """Editing post as a moderator works.""" p = PostFactory() t = p.thread f = t.forum # Create the moderator group, give it the edit permission # and add a moderator. moderator_group = GroupFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory( codename="forums_forum.post_edit_forum", content_type=ct, object_id=f.id, group=moderator_group, ) moderator = UserFactory() moderator_group.user_set.add(moderator) self.client.login(username=moderator.username, password="******") r = post( self.client, "forums.edit_post", {"content": "More new content"}, args=[f.slug, t.id, p.id], ) eq_(200, r.status_code) edited_p = Post.objects.get(pk=p.pk) eq_("More new content", edited_p.content)
def permission_code(forum, created, extracted, **kwargs): assert created permission = extracted or "forums_forum.view_in_forum" ct = ContentType.objects.get_for_model(forum) PermissionFactory(codename=permission, content_type=ct, object_id=forum.id)
def test_delete_thread_belongs_to_forum(self): """Delete thread action - thread belongs to forum.""" f = ForumFactory() t = ThreadFactory() # Thread belongs to a different forum u = UserFactory() # Give the user the permission to delete threads. g = GroupFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory(codename='forums_forum.thread_delete_forum', content_type=ct, object_id=f.id, group=g) PermissionFactory(codename='forums_forum.thread_delete_forum', content_type=ct, object_id=t.forum.id, group=g) g.user_set.add(u) self.client.login(username=u.username, password='******') r = get(self.client, 'forums.delete_thread', args=[f.slug, t.id]) eq_(404, r.status_code)
def test_restricted_is_invisible(self): """Forums with restricted view_in permission shouldn't show up.""" restricted_forum = ForumFactory() # Make it restricted. ct = ContentType.objects.get_for_model(restricted_forum) PermissionFactory(codename='forums_forum.view_in_forum', content_type=ct, object_id=restricted_forum.id) response = get(self.client, 'forums.forums') self.assertNotContains(response, restricted_forum.slug)
def test_restricted_hide_new_thread(self): """'Post new thread' doesn't show if user has no permission to post. """ f = ForumFactory() ct = ContentType.objects.get_for_model(f) # If the forum has the permission and the user isn't assigned said # permission, then they can't post. PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id) u = UserFactory() self.client.login(username=u.username, password='******') response = get(self.client, 'forums.threads', args=[f.slug]) self.assertNotContains(response, 'Post a new thread')
def test_restricted_hide_reply(self): """Reply fields don't show if user has no permission to post.""" t = ThreadFactory() f = t.forum ct = ContentType.objects.get_for_model(f) # If the forum has the permission and the user isn't assigned said # permission, then they can't post. PermissionFactory(codename='forums_forum.post_in_forum', content_type=ct, object_id=f.id) u = UserFactory() self.client.login(username=u.username, password='******') response = get(self.client, 'forums.posts', args=[f.slug, t.pk]) self.assertNotContains(response, 'thread-reply')
def test_sticky_thread_belongs_to_forum(self): """Sticky action - thread belongs to forum.""" f = ForumFactory() t = ThreadFactory() # Thread belongs to a different forum u = UserFactory() # Give the user the permission to sticky threads. g = GroupFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory(codename="forums_forum.thread_sticky_forum", content_type=ct, object_id=f.id, group=g) PermissionFactory( codename="forums_forum.thread_sticky_forum", content_type=ct, object_id=t.forum.id, group=g, ) g.user_set.add(u) self.client.login(username=u.username, password="******") r = post(self.client, "forums.sticky_thread", {}, args=[f.slug, t.id]) eq_(404, r.status_code)
def test_edit_thread_moderator(self): """Editing post as a moderator works.""" t = ThreadFactory() f = t.forum u = UserFactory() g = GroupFactory() ct = ContentType.objects.get_for_model(f) PermissionFactory(codename='forums_forum.thread_edit_forum', content_type=ct, object_id=f.id, group=g) g.user_set.add(u) self.client.login(username=u.username, password='******') r = post(self.client, 'forums.edit_thread', {'title': 'new title'}, args=[f.slug, t.id]) eq_(200, r.status_code) edited_t = Thread.objects.get(id=t.id) eq_('new title', edited_t.title)
def test_discussion_forum_with_restricted_forums(self): """Tests who can see restricted forums in search form.""" # This is a long test, but it saves us from doing the setup # twice. forum1 = ForumFactory(name=u'ou812forum') thread1 = ThreadFactory(forum=forum1, title=u'audio 2') PostFactory(thread=thread1) forum2 = RestrictedForumFactory(name=u'restrictedkeepout') thread2 = ThreadFactory(forum=forum2, title=u'audio 2') PostFactory(thread=thread2) self.refresh() # Get the Advanced Search Form as an anonymous user response = self.client.get(reverse('search.advanced'), {'a': '2'}) eq_(200, response.status_code) # Regular forum should show up assert 'ou812forum' in response.content # Restricted forum should not show up assert 'restrictedkeepout' not in response.content u = UserFactory() g = GroupFactory() g.user_set.add(u) ct = ContentType.objects.get_for_model(forum2) PermissionFactory( codename='forums_forum.view_in_forum', content_type=ct, object_id=forum2.id, group=g) # Get the Advanced Search Form as a logged in user self.client.login(username=u.username, password='******') response = self.client.get(reverse('search.advanced'), {'a': '2'}) eq_(200, response.status_code) # Both forums should show up for authorized user assert 'ou812forum' in response.content assert 'restrictedkeepout' in response.content
def test_forums_search_authorized_forums_specifying_forums(self): """Only authorized people can search certain forums they specified""" # Create two threads: one in a restricted forum and one not. forum1 = ForumFactory(name="ou812forum") thread1 = ThreadFactory(forum=forum1) PostFactory(thread=thread1, content="audio") forum2 = RestrictedForumFactory(name="restrictedkeepout") thread2 = ThreadFactory(forum=forum2) PostFactory(thread=thread2, content="audio restricted") self.refresh() # Do a search as an anonymous user and specify both # forums. Should only see the post from the unrestricted # forum. response = self.client.get( reverse("search.advanced"), { "author": "", "created": "0", "created_date": "", "updated": "0", "updated_date": "", "sortby": "0", "forum": [forum1.id, forum2.id], "a": "1", "w": "4", "q": "audio", "format": "json", }, ) eq_(200, response.status_code) content = json.loads(response.content) eq_(content["total"], 1) # Do a search as an authorized user and specify both # forums. Should see both posts. u = UserFactory() g = GroupFactory() g.user_set.add(u) ct = ContentType.objects.get_for_model(forum2) PermissionFactory(codename="forums_forum.view_in_forum", content_type=ct, object_id=forum2.id, group=g) self.client.login(username=u.username, password="******") response = self.client.get( reverse("search.advanced"), { "author": "", "created": "0", "created_date": "", "updated": "0", "updated_date": "", "sortby": "0", "forum": [forum1.id, forum2.id], "a": "1", "w": "4", "q": "audio", "format": "json", }, ) # Sees both results eq_(200, response.status_code) content = json.loads(response.content) eq_(content["total"], 2)
def test_forums_search_authorized_forums_specifying_forums(self): """Only authorized people can search certain forums they specified""" # Create two threads: one in a restricted forum and one not. forum1 = ForumFactory(name=u'ou812forum') thread1 = ThreadFactory(forum=forum1) PostFactory(thread=thread1, content=u'audio') forum2 = RestrictedForumFactory(name=u'restrictedkeepout') thread2 = ThreadFactory(forum=forum2) PostFactory(thread=thread2, content=u'audio restricted') self.refresh() # Do a search as an anonymous user and specify both # forums. Should only see the post from the unrestricted # forum. response = self.client.get(reverse('search.advanced'), { 'author': '', 'created': '0', 'created_date': '', 'updated': '0', 'updated_date': '', 'sortby': '0', 'forum': [forum1.id, forum2.id], 'a': '1', 'w': '4', 'q': 'audio', 'format': 'json' }) eq_(200, response.status_code) content = json.loads(response.content) eq_(content['total'], 1) # Do a search as an authorized user and specify both # forums. Should see both posts. u = UserFactory() g = GroupFactory() g.user_set.add(u) ct = ContentType.objects.get_for_model(forum2) PermissionFactory( codename='forums_forum.view_in_forum', content_type=ct, object_id=forum2.id, group=g) self.client.login(username=u.username, password='******') response = self.client.get(reverse('search.advanced'), { 'author': '', 'created': '0', 'created_date': '', 'updated': '0', 'updated_date': '', 'sortby': '0', 'forum': [forum1.id, forum2.id], 'a': '1', 'w': '4', 'q': 'audio', 'format': 'json' }) # Sees both results eq_(200, response.status_code) content = json.loads(response.content) eq_(content['total'], 2)