def test_review_on_item_bad(self):
    """Check that a review from a user with no recorded purchase is not kept.

    'TomerTomer' is registered and item 1 is added to the shop under
    'YoniYoni', but this test creates no purchase before the review is
    submitted. The item is expected to end up with no reviews.
    """
    reviewer = RegisteredUser('TomerTomer', '1234567878')
    register(reviewer)

    # NOTE(review): 'YoniYoni' is not registered inside this test -
    # presumably set up elsewhere (fixture/setUp); confirm. If adding the
    # item fails, the empty-reviews assertion below would pass without the
    # purchase check ever being exercised.
    milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(milk, 'YoniYoni')

    # The return value is not inspected; the assertion is on what
    # get_all_reviews_on_item reports afterwards.
    unearned_review = ItemReview('TomerTomer', 1, 'Good', 10)
    ItemsLogic.add_review_on_item(unearned_review)

    self.assertEqual(get_all_reviews_on_item(1), [])
def test_review_on_item_bad_writer(self):
    """Check that a review signed by someone other than the buyer is not kept.

    A purchase is recorded for 'TomerTomer', then a review for item 1 is
    submitted under the name 'YoniYoni'. The item is expected to have no
    reviews afterwards.
    """
    buyer = RegisteredUser('TomerTomer', '1234567878')
    register(buyer)

    # NOTE(review): 'YoniYoni' is not registered inside this test -
    # presumably set up elsewhere (fixture/setUp); confirm, otherwise the
    # final assertion can pass for an unrelated reason.
    milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(milk, 'YoniYoni')

    # Record a purchase for TomerTomer only; presumably the second argument
    # of add_purchased_item is the item id (1) - confirm against its
    # signature.
    bought_at = datetime.now()
    order_id = add_purchase_and_return_id(bought_at, 'TomerTomer', 0)
    PurchasedItems.add_purchased_item(order_id, 1, 5, 10)

    # The review is written under a different user name than the buyer's.
    foreign_review = ItemReview('YoniYoni', 1, 'Good', 10)
    ItemsLogic.add_review_on_item(foreign_review)

    stored_reviews = get_all_reviews_on_item(1)
    self.assertFalse(stored_reviews)
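def add_review_on_item(request):
    """Handle a POST that submits a review for an item.

    Reads ``item_id``, ``description`` and ``rank`` from the POST body. The
    writer is resolved from the ``login_hash`` cookie through
    ``Consumer.loggedInUsers``; it is never taken from the request body.

    Responses:
        ``MESSAGE_SQL_INJECTION`` - any field was flagged by
            ``LoggerLogic.identify_sql_injection``.
        ``'has reviews'`` - ``ItemsLogic.get_item_review_with_writer`` did
            not return ``False`` for this writer and item.
        ``'success'`` - ``ItemsLogic.add_review_on_item`` returned a truthy
            value.
        ``'fail'`` - everything else, including non-POST requests, a missing
            cookie, and a cookie that does not map to a logged-in user.
    """
    if request.method != 'POST':
        return HttpResponse('fail')

    item_id = request.POST.get('item_id')
    description = request.POST.get('description')
    rank = request.POST.get('rank')
    event = "ADD REVIEW"

    # Build a list rather than a generator so every field is passed to the
    # detector, even after an earlier field has already been flagged.
    flagged = [
        LoggerLogic.identify_sql_injection(value, event)
        for value in (item_id, description, rank)
    ]
    if any(flagged):
        return HttpResponse(MESSAGE_SQL_INJECTION)
    # NOTE(review): pattern matching on input is a tripwire, not the
    # injection defence itself. The queries behind ItemsLogic are not visible
    # here; they should be parameterized - confirm.

    login = request.COOKIES.get('login_hash')
    if login is None:
        return HttpResponse('fail')

    # presumably loggedInUsers is a dict-like map of session hash -> user
    # name, so .get() yields None for an unknown hash - confirm.
    writer_name = Consumer.loggedInUsers.get(login)
    if writer_name is None:
        # A cookie that is present but does not match a live session (stale
        # or made up) must not continue as writer None.
        return HttpResponse('fail')

    old_review = ItemsLogic.get_item_review_with_writer(item_id, writer_name)
    if old_review is not False:
        return HttpResponse('has reviews')

    # NOTE(review): item_id and rank are still raw POST strings (or None when
    # the field is missing); no type or range check happens in this view.
    # Confirm ItemsLogic/ItemReview validate them.
    review = ItemReview(writer_name, item_id, description, rank)
    if ItemsLogic.add_review_on_item(review):
        return HttpResponse('success')
    return HttpResponse('fail')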