def test_approved_unapproved_is_approved(self):
"""Ensure a user can approve and unapprove a follower. Also test the
checking of this state"""
user1 = create_account('user1', '*****@*****.**', 'Password')
user2 = create_account('user2', '*****@*****.**', 'Password')
user3 = create_account('user3', '*****@*****.**', 'Password')
# User should not be following a user
self.assertFalse(is_approved(user1, user2))
# User can't approve a user he is not following
self.assertFalse(approve_user(user1, user2))
# Follow wrong way round. The user to be approved must follow you
follow_user(user1, user2)
self.assertFalse(approve_user(user1, user2))
self.assertFalse(is_approved(user1, user2))
# Correct way round
follow_user(user2, user1)
self.assertTrue(approve_user(user1, user2))
self.assertTrue(is_approved(user1, user2))
# Try an un-approved a non follower
self.assertFalse(is_approved(user1, user3))
self.assertFalse(unapprove_user(user1, user3))
# Try and un-approve a non approved follower
follow_user(user3, user1)
self.assertFalse(is_approved(user1, user3))
self.assertFalse(unapprove_user(user1, user3))
# Un-approve an approved folloer
self.assertTrue(is_approved(user1, user2))
self.assertTrue(unapprove_user(user1, user2))
self.assertFalse(is_approved(user1, user2))
# Ensure a user is un-approved if they stop following you
# and you had approved them
self.assertTrue(approve_user(user1, user2))
self.assertTrue(is_approved(user1, user2))
unfollow_user(user2, user1)
self.assertFalse(is_approved(user1, user2))
def test_permissions(self):
"""Ensure only users with the correct permissions can see posts"""
user1 = create_account('user1', '*****@*****.**', 'Password')
activate(user1)
post1 = create_post(user1, 'user1', 'Test public', permission=0)
post2 = create_post(user1, 'user1', 'Test pjuu', permission=1)
post3 = create_post(user1, 'user1', 'Test approved', permission=2)
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertNotIn('Test pjuu', resp.data)
self.assertNotIn('Test approved', resp.data)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post2))
self.assertEqual(resp.status_code, 403)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post3))
self.assertEqual(resp.status_code, 403)
# Create a user and check we can see the Pjuu-wide post
user2 = create_account('user2', '*****@*****.**', 'Password')
activate(user2)
self.client.post(url_for('auth.signin'),
data={
'username': '******',
'password': '******'
})
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertIn('Test pjuu', resp.data)
self.assertNotIn('Test approved', resp.data)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post2))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post3))
self.assertEqual(resp.status_code, 403)
# Have user1 approve user2 and ensure he can see all posts
# User2 needs to be following user1
follow_user(user2, user1)
approve_user(user1, user2)
self.assertTrue(is_approved(user1, user2))
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertIn('Test pjuu', resp.data)
self.assertIn('Test approved', resp.data)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post2))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(
url_for('posts.view_post', username='******', post_id=post3))
self.assertEqual(resp.status_code, 200)
def approved_filter(_profile):
"""Checks if current user has approved the user piped to filter."""
return is_approved(current_user.get('_id'), _profile.get('_id'))
def test_permissions(self):
"""Ensure only users with the correct permissions can see posts"""
user1 = create_account('user1', '*****@*****.**', 'Password')
activate(user1)
post1 = create_post(user1, 'user1', 'Test public', permission=0)
post2 = create_post(user1, 'user1', 'Test pjuu', permission=1)
post3 = create_post(user1, 'user1', 'Test approved', permission=2)
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertNotIn('Test pjuu', resp.data)
self.assertNotIn('Test approved', resp.data)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post2))
self.assertEqual(resp.status_code, 403)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post3))
self.assertEqual(resp.status_code, 403)
# Create a user and check we can see the Pjuu-wide post
user2 = create_account('user2', '*****@*****.**', 'Password')
activate(user2)
self.client.post(url_for('auth.signin'), data={
'username': '******',
'password': '******'
})
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertIn('Test pjuu', resp.data)
self.assertNotIn('Test approved', resp.data)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post2))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post3))
self.assertEqual(resp.status_code, 403)
# Have user1 approve user2 and ensure he can see all posts
# User2 needs to be following user1
follow_user(user2, user1)
approve_user(user1, user2)
self.assertTrue(is_approved(user1, user2))
resp = self.client.get(url_for('users.profile', username='******'))
self.assertIn('Test public', resp.data)
self.assertIn('Test pjuu', resp.data)
self.assertIn('Test approved', resp.data)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post1))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post2))
self.assertEqual(resp.status_code, 200)
resp = self.client.get(url_for('posts.view_post', username='******',
post_id=post3))
self.assertEqual(resp.status_code, 200)
def approved_filter(_profile):
"""Checks if current user has approved the user piped to filter."""
return is_approved(current_user.get('_id'), _profile.get('_id'))