def test_only_uploaders_post_image(self, test_app):
""" Test that only uploaders can upload images """
# Remove uploader permissions from user
take_away_privileges(self.user.username, u"uploader")
# Now try and upload a image
data = open(GOOD_JPG, "rb").read()
headers = {
"Content-Type": "image/jpeg",
"Content-Length": str(len(data)),
}
with self.mock_oauth():
with pytest.raises(AppError) as excinfo:
test_app.post("/api/user/{0}/uploads".format(
self.user.username),
data,
headers=headers)
# Assert that we've got a 403
assert "403 FORBIDDEN" in excinfo.value.args[0]
def test_only_uploaders_post_image(self, test_app):
""" Test that only uploaders can upload images """
# Remove uploader permissions from user
take_away_privileges(self.user.username, u"uploader")
# Now try and upload a image
data = open(GOOD_JPG, "rb").read()
headers = {
"Content-Type": "image/jpeg",
"Content-Length": str(len(data)),
}
with self.mock_oauth():
with pytest.raises(AppError) as excinfo:
test_app.post(
"/api/user/{0}/uploads".format(self.user.username),
data,
headers=headers
)
# Assert that we've got a 403
assert "403 FORBIDDEN" in excinfo.value.args[0]
def give_or_take_away_privilege(request, url_user):
"""
A form action to give or take away a particular privilege from a user.
Can only be used by an admin.
"""
form = moderation_forms.PrivilegeAddRemoveForm(request.form)
if request.method == "POST" and form.validate():
privilege = Privilege.query.filter(Privilege.privilege_name == form.privilege_name.data).one()
if not take_away_privileges(url_user.username, form.privilege_name.data):
give_privileges(url_user.username, form.privilege_name.data)
url_user.save()
return redirect(request, "mediagoblin.moderation.users_detail", user=url_user.username)
def give_or_take_away_privilege(request, url_user):
'''
A form action to give or take away a particular privilege from a user.
Can only be used by an admin.
'''
form = moderation_forms.PrivilegeAddRemoveForm(request.form)
if request.method == "POST" and form.validate():
privilege = Privilege.query.filter(
Privilege.privilege_name == form.privilege_name.data).one()
if not take_away_privileges(url_user.username,
form.privilege_name.data):
give_privileges(url_user.username, form.privilege_name.data)
url_user.save()
return redirect(request,
'mediagoblin.moderation.users_detail',
user=url_user.username)