def test_approved_feed_population(self): """Ensure only approved users get approved posts but in there feed.""" # Create a user to test creating post user1 = create_account('user1', '*****@*****.**', 'Password') user2 = create_account('user2', '*****@*****.**', 'Password') user3 = create_account('user3', '*****@*****.**', 'Password') follow_user(user2, user1) follow_user(user3, user1) approve_user(user1, user2) create_post(user1, 'user1', 'Test post', permission=K.PERM_APPROVED) self.assertEqual(len(get_feed(user2).items), 1) self.assertEqual(len(get_feed(user3).items), 0)
def test_approved_unapproved_is_approved(self): """Ensure a user can approve and unapprove a follower. Also test the checking of this state""" user1 = create_account('user1', '*****@*****.**', 'Password') user2 = create_account('user2', '*****@*****.**', 'Password') user3 = create_account('user3', '*****@*****.**', 'Password') # User should not be following a user self.assertFalse(is_approved(user1, user2)) # User can't approve a user he is not following self.assertFalse(approve_user(user1, user2)) # Follow wrong way round. The user to be approved must follow you follow_user(user1, user2) self.assertFalse(approve_user(user1, user2)) self.assertFalse(is_approved(user1, user2)) # Correct way round follow_user(user2, user1) self.assertTrue(approve_user(user1, user2)) self.assertTrue(is_approved(user1, user2)) # Try an un-approved a non follower self.assertFalse(is_approved(user1, user3)) self.assertFalse(unapprove_user(user1, user3)) # Try and un-approve a non approved follower follow_user(user3, user1) self.assertFalse(is_approved(user1, user3)) self.assertFalse(unapprove_user(user1, user3)) # Un-approve an approved folloer self.assertTrue(is_approved(user1, user2)) self.assertTrue(unapprove_user(user1, user2)) self.assertFalse(is_approved(user1, user2)) # Ensure a user is un-approved if they stop following you # and you had approved them self.assertTrue(approve_user(user1, user2)) self.assertTrue(is_approved(user1, user2)) unfollow_user(user2, user1) self.assertFalse(is_approved(user1, user2))
def approve(username): """Follow a user.""" redirect_url = handle_next(request, url_for('users.followers', username=current_user.get('username'))) user_id = get_uid(username) # If we don't get a uid from the username the page doesn't exist if user_id is None: abort(404) if user_id != current_user.get('_id'): if approve_user(current_user.get('_id'), user_id): flash('You have put your trust %s' % username, 'success') else: flash('You can\'t trust a user who is not following you', 'error') else: flash('You should already trust yourself ;-P', 'information') return redirect(redirect_url)
def approve(username): """Follow a user.""" redirect_url = handle_next( request, url_for('users.followers', username=current_user.get('username'))) user_id = get_uid(username) # If we don't get a uid from the username the page doesn't exist if user_id is None: abort(404) if user_id != current_user.get('_id'): if approve_user(current_user.get('_id'), user_id): flash('You have put your trust %s' % username, 'success') else: flash('You can\'t trust a user who is not following you', 'error') else: flash('You should already trust yourself ;-P', 'information') return redirect(redirect_url)
def test_permissions(self): """Ensure only users with the correct permissions can see posts""" user1 = create_account('user1', '*****@*****.**', 'Password') activate(user1) post1 = create_post(user1, 'user1', 'Test public', permission=0) post2 = create_post(user1, 'user1', 'Test pjuu', permission=1) post3 = create_post(user1, 'user1', 'Test approved', permission=2) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertNotIn('Test pjuu', resp.data) self.assertNotIn('Test approved', resp.data) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 403) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 403) # Create a user and check we can see the Pjuu-wide post user2 = create_account('user2', '*****@*****.**', 'Password') activate(user2) self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertIn('Test pjuu', resp.data) self.assertNotIn('Test approved', resp.data) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 200) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 403) # Have user1 approve user2 and ensure he can see all posts # User2 needs to be following user1 follow_user(user2, user1) approve_user(user1, user2) self.assertTrue(is_approved(user1, user2)) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertIn('Test pjuu', resp.data) self.assertIn('Test approved', resp.data) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 200) resp = self.client.get( url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 200)
def test_permissions(self): """Ensure only users with the correct permissions can see posts""" user1 = create_account('user1', '*****@*****.**', 'Password') activate(user1) post1 = create_post(user1, 'user1', 'Test public', permission=0) post2 = create_post(user1, 'user1', 'Test pjuu', permission=1) post3 = create_post(user1, 'user1', 'Test approved', permission=2) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertNotIn('Test pjuu', resp.data) self.assertNotIn('Test approved', resp.data) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 403) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 403) # Create a user and check we can see the Pjuu-wide post user2 = create_account('user2', '*****@*****.**', 'Password') activate(user2) self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertIn('Test pjuu', resp.data) self.assertNotIn('Test approved', resp.data) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 200) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 403) # Have user1 approve user2 and ensure he can see all posts # User2 needs to be following user1 follow_user(user2, user1) approve_user(user1, user2) self.assertTrue(is_approved(user1, user2)) resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('Test public', resp.data) self.assertIn('Test pjuu', resp.data) self.assertIn('Test approved', resp.data) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post1)) self.assertEqual(resp.status_code, 200) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post2)) self.assertEqual(resp.status_code, 200) resp = self.client.get(url_for('posts.view_post', username='******', post_id=post3)) self.assertEqual(resp.status_code, 200)