Пример #1
0
    def test_only_uploaders_post_image(self, test_app):
        """ Test that only uploaders can upload images """
        # Remove uploader permissions from user
        take_away_privileges(self.user.username, u"uploader")

        # Now try and upload a image
        data = open(GOOD_JPG, "rb").read()
        headers = {
            "Content-Type": "image/jpeg",
            "Content-Length": str(len(data)),
        }

        with self.mock_oauth():
            with pytest.raises(AppError) as excinfo:
                test_app.post("/api/user/{0}/uploads".format(
                    self.user.username),
                              data,
                              headers=headers)

            # Assert that we've got a 403
            assert "403 FORBIDDEN" in excinfo.value.args[0]
Пример #2
0
    def test_only_uploaders_post_image(self, test_app):
        """ Test that only uploaders can upload images """
        # Remove uploader permissions from user
        take_away_privileges(self.user.username, u"uploader")

        # Now try and upload a image
        data = open(GOOD_JPG, "rb").read()
        headers = {
            "Content-Type": "image/jpeg",
            "Content-Length": str(len(data)),
        }

        with self.mock_oauth():
            with pytest.raises(AppError) as excinfo:
                test_app.post(
                    "/api/user/{0}/uploads".format(self.user.username),
                    data,
                    headers=headers
                )

            # Assert that we've got a 403
            assert "403 FORBIDDEN" in excinfo.value.args[0]
Пример #3
0
def give_or_take_away_privilege(request, url_user):
    """
    A form action to give or take away a particular privilege from a user.
    Can only be used by an admin.
    """
    form = moderation_forms.PrivilegeAddRemoveForm(request.form)
    if request.method == "POST" and form.validate():
        privilege = Privilege.query.filter(Privilege.privilege_name == form.privilege_name.data).one()
        if not take_away_privileges(url_user.username, form.privilege_name.data):

            give_privileges(url_user.username, form.privilege_name.data)
        url_user.save()

    return redirect(request, "mediagoblin.moderation.users_detail", user=url_user.username)
Пример #4
0
def give_or_take_away_privilege(request, url_user):
    '''
    A form action to give or take away a particular privilege from a user.
    Can only be used by an admin.
    '''
    form = moderation_forms.PrivilegeAddRemoveForm(request.form)
    if request.method == "POST" and form.validate():
        privilege = Privilege.query.filter(
            Privilege.privilege_name == form.privilege_name.data).one()
        if not take_away_privileges(url_user.username,
                                    form.privilege_name.data):

            give_privileges(url_user.username, form.privilege_name.data)
        url_user.save()

    return redirect(request,
                    'mediagoblin.moderation.users_detail',
                    user=url_user.username)