Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix #826: unapproved posts flag shown to non-moderators

Rafał Pitoń 8 years ago
parent
bebe35ff69
commit
0a650d8e6a
3 changed files with 37 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      misago/templates/misago/threadslist/thread.html
  2. 9 1
      misago/threads/serializers/thread.py
  3. 27 0
      misago/threads/tests/test_threads_api.py

+ 1 - 1
misago/templates/misago/threadslist/thread.html
View File 

@@ -40,7 +40,7 @@
 
           {% trans "Unapproved" %}
 
         </span>
 
       </span>
 
-    {% elif thread.has_unapproved_posts %}
 
+    {% elif thread.has_unapproved_posts and thread.acl.can_approve %}
 
       <span class="thread-detail-unapproved-posts">
 
         <span class="material-icon">
 
           remove_circle_outline

+ 9 - 1
misago/threads/serializers/thread.py
View File 

@@ -26,6 +26,7 @@ class ThreadSerializer(serializers.ModelSerializer, MutableFields):
 
     category = BasicCategorySerializer(many=False, read_only=True)
 
 
     acl = serializers.SerializerMethodField()
 
+    has_unapproved_posts = serializers.SerializerMethodField()
 
     is_new = serializers.SerializerMethodField()
 
     is_read = serializers.SerializerMethodField()
 
     path = BasicCategorySerializer(many=True, read_only=True)
 
@@ -68,6 +69,14 @@ class ThreadSerializer(serializers.ModelSerializer, MutableFields):
 
         except AttributeError:
 
             return {}
 
 
+    def get_has_unapproved_posts(self, obj):
 
+        try:
 
+            acl = obj.acl
 
+        except AttributeError:
 
+            return False
 
+
 
+        return acl.get('can_approve') and obj.has_unapproved_posts
 
+
 
     def get_is_new(self, obj):
 
         try:
 
             return obj.is_new
 
@@ -139,7 +148,6 @@ class ThreadsListSerializer(ThreadSerializer):
 
     starter = serializers.SerializerMethodField()
 
     last_poster = serializers.SerializerMethodField()
 
 
-
 
     class Meta:
 
         model = Thread
 
         fields = ThreadSerializer.Meta.fields + [

+ 27 - 0
misago/threads/tests/test_threads_api.py
View File 

@@ -162,6 +162,33 @@ class ThreadRetrieveApiTests(ThreadsApiTestCase):
 
         response = self.client.get(self.tested_links[1])
 
         self.assertContains(response, unapproved_post.get_absolute_url())
 
 
+    def test_api_validates_has_unapproved_posts_visibility(self):
 
+        """api checks acl before exposing unapproved flag"""
 
+        self.thread.has_unapproved_posts = True
 
+        self.thread.save()
 
+
 
+        for link in self.tested_links:
 
+            self.override_acl()
 
+
 
+            response = self.client.get(link)
 
+            self.assertEqual(response.status_code, 200)
 
+
 
+            response_json = response.json()
 
+            self.assertEqual(response_json['id'], self.thread.pk)
 
+            self.assertEqual(response_json['title'], self.thread.title)
 
+            self.assertFalse(response_json['has_unapproved_posts'])
 
+
 
+        for link in self.tested_links:
 
+            self.override_acl({'can_approve_content': 1})
 
+
 
+            response = self.client.get(link)
 
+            self.assertEqual(response.status_code, 200)
 
+
 
+            response_json = response.json()
 
+            self.assertEqual(response_json['id'], self.thread.pk)
 
+            self.assertEqual(response_json['title'], self.thread.title)
 
+            self.assertTrue(response_json['has_unapproved_posts'])
 
+
 
 
 class ThreadsReadApiTests(ThreadsApiTestCase):
 
     def setUp(self):