wip #884: threads and posts bulk update

misago/threads/api/threadendpoints/patch.py

@@ -1,5 +1,9 @@
+from rest_framework import serializers
+from rest_framework.response import Response
+
 from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied, ValidationError
+from django.http import Http404
 from django.shortcuts import get_object_or_404
 from django.utils import six
 from django.utils.translation import ugettext as _
@@ -8,6 +12,7 @@ from misago.acl import add_acl
 from misago.categories.models import Category
 from misago.categories.permissions import allow_browse_category, allow_see_category
 from misago.categories.serializers import CategorySerializer
+from misago.conf import settings
 from misago.core.apipatch import ApiPatch
 from misago.core.shortcuts import get_int_or_404
 from misago.threads.moderation import threads as moderation
@@ -21,6 +26,8 @@ from misago.threads.serializers import ThreadParticipantSerializer
 from misago.threads.validators import validate_title
 
 
+PATCH_LIMIT = settings.MISAGO_THREADS_PER_PAGE + settings.MISAGO_THREADS_TAIL
+
 UserModel = get_user_model()
 
 thread_patch_dispatcher = ApiPatch()
@@ -303,3 +310,83 @@ def thread_patch_endpoint(request, thread):
         thread.category.save(update_fields=['last_thread_title', 'last_thread_slug'])
 
     return response
+
+
+def bulk_patch_endpoint(request, viewmodel):
+    serializer = BulkPatchSerializer(data=request.data)
+    if not serializer.is_valid():
+        return Response(serializer.errors, status=400)
+
+    threads = clean_threads_for_patch(request, viewmodel, serializer.data['ids'])
+
+    old_titles = [t.title for t in threads]
+    old_is_hidden = [t.is_hidden for t in threads]
+    old_is_unapproved = [t.is_unapproved for t in threads]
+    old_category = [t.category_id for t in threads]
+
+    response = thread_patch_dispatcher.dispatch_bulk(request, threads)
+
+    new_titles = [t.title for t in threads]
+    new_is_hidden = [t.is_hidden for t in threads]
+    new_is_unapproved = [t.is_unapproved for t in threads]
+    new_category = [t.category_id for t in threads]
+
+    # sync titles
+    if new_titles != old_titles:
+        for i, t in enumerate(threads):
+            if t.title != old_titles[i] and t.category.last_thread_id == t.pk:
+                t.category.last_thread_title = t.title
+                t.category.last_thread_slug = t.slug
+                t.category.save(update_fields=['last_thread_title', 'last_thread_slug'])
+
+    # sync categories
+    sync_categories = []
+
+    if new_is_hidden != old_is_hidden:
+        for i, t in enumerate(threads):
+            if t.is_hidden != old_is_hidden[i] and t.category_id not in sync_categories:
+                sync_categories.append(t.category_id)
+
+    if new_is_unapproved != old_is_unapproved:
+        for i, t in enumerate(threads):
+            if t.is_unapproved != old_is_unapproved[i] and t.category_id not in sync_categories:
+                sync_categories.append(t.category_id)
+
+    if new_category != old_category:
+        for i, t in enumerate(threads):
+            if t.category_id != old_category[i]:
+                if t.category_id not in sync_categories:
+                    sync_categories.append(t.category_id)
+                if old_category[i] not in sync_categories:
+                    sync_categories.append(old_category[i])
+
+    if sync_categories:
+        for category in Category.objects.filter(id__in=sync_categories):
+            category.synchronize()
+            category.save()
+
+    return response
+
+
+def clean_threads_for_patch(request, viewmodel, threads_ids):
+    threads = []
+    for thread_id in sorted(set(threads_ids), reverse=True):
+        try:
+            threads.append(viewmodel(request, thread_id).unwrap())
+        except (Http404, PermissionDenied):
+            raise PermissionDenied(_("One or more threads to update could not be found."))
+    return threads
+
+
+class BulkPatchSerializer(serializers.Serializer):
+    ids = serializers.ListField(
+        child=serializers.IntegerField(min_value=1),
+        max_length=PATCH_LIMIT,
+        min_length=1,
+    )
+    ops = serializers.ListField(
+        child=serializers.DictField(),
+        min_length=1,
+        max_length=10,
+    )
+

misago/threads/api/threads.py

@@ -19,7 +19,7 @@ from .threadendpoints.delete import delete_bulk, delete_thread
 from .threadendpoints.editor import thread_start_editor
 from .threadendpoints.list import private_threads_list_endpoint, threads_list_endpoint
 from .threadendpoints.merge import thread_merge_endpoint, threads_merge_endpoint
-from .threadendpoints.patch import thread_patch_endpoint
+from .threadendpoints.patch import bulk_patch_endpoint, thread_patch_endpoint
 from .threadendpoints.read import read_private_threads, read_threads
 
 
@@ -52,6 +52,9 @@ class ViewSet(viewsets.ViewSet):
         thread = self.get_thread(request, pk).unwrap()
         return thread_patch_endpoint(request, thread)
 
+    def patch(self, request):
+        return bulk_patch_endpoint(request, self.thread)
+
     def delete(self, request, pk=None):
         if pk:
             thread = self.get_thread(request, pk).unwrap()

misago/threads/tests/test_thread_bulkpatch_api.py

@@ -0,0 +1,400 @@
+import json
+
+from django.urls import reverse
+
+from misago.acl.testutils import override_acl
+from misago.categories.models import Category
+from misago.threads import testutils
+from misago.threads.models import Thread
+
+from .test_threads_api import ThreadsApiTestCase
+
+
+class ThreadsBulkPatchApiTestCase(ThreadsApiTestCase):
+    def setUp(self):
+        super(ThreadsBulkPatchApiTestCase, self).setUp()
+
+        self.threads = list(reversed([
+            testutils.post_thread(category=self.category),
+            testutils.post_thread(category=self.category),
+            testutils.post_thread(category=self.category),
+        ]))
+
+        self.ids = list(reversed([t.id for t in self.threads]))
+
+        self.api_link = reverse('misago:api:thread-list')
+
+    def patch(self, api_link, ops):
+        return self.client.patch(api_link, json.dumps(ops), content_type="application/json")
+
+
+
+class BulkPatchSerializerTests(ThreadsBulkPatchApiTestCase):
+    def test_invalid_input_type(self):
+        """api rejects invalid input type"""
+        response = self.patch(self.api_link, [1, 2, 3])
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'non_field_errors': [
+                "Invalid data. Expected a dictionary, but got list.",
+            ],
+        })
+
+    def test_missing_input_keys(self):
+        """api rejects input with missing keys"""
+        response = self.patch(self.api_link, {})
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'ids': [
+                "This field is required.",
+            ],
+            'ops': [
+                "This field is required.",
+            ],
+        })
+
+    def test_empty_input_keys(self):
+        """api rejects input with empty keys"""
+        response = self.patch(self.api_link, {
+            'ids': [],
+            'ops': [],
+        })
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'ids': [
+                "Ensure this field has at least 1 elements.",
+            ],
+            'ops': [
+                "Ensure this field has at least 1 elements.",
+            ],
+        })
+
+    def test_invalid_input_keys(self):
+        """api rejects input with invalid keys"""
+        response = self.patch(self.api_link, {
+            'ids': ['a'],
+            'ops': [1],
+        })
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'ids': [
+                "A valid integer is required.",
+            ],
+            'ops': [
+                'Expected a dictionary of items but got type "int".',
+            ],
+        })
+
+    def test_too_small_id(self):
+        """api rejects input with implausiple id"""
+        response = self.patch(self.api_link, {
+            'ids': [0],
+            'ops': [{}],
+        })
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'ids': [
+                "Ensure this value is greater than or equal to 1.",
+            ],
+        })
+
+    def test_too_large_input(self):
+        """api rejects too large input"""
+        response = self.patch(self.api_link, {
+            'ids': [i + 1 for i in range(200)],
+            'ops': [{} for i in range(200)],
+        })
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), {
+            'ids': [
+                "Ensure this field has no more than 40 elements.",
+            ],
+            'ops': [
+                "Ensure this field has no more than 10 elements.",
+            ],
+        })
+
+    def test_threads_not_found(self):
+        """api fails to find threads"""
+        threads = [
+            testutils.post_thread(category=self.category, is_hidden=True),
+            testutils.post_thread(category=self.category, is_unapproved=True),
+        ]
+
+        response = self.patch(self.api_link, {
+            'ids': [t.id for t in threads],
+            'ops': [{}],
+        })
+
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.json(), {
+            'detail': "One or more threads to update could not be found.",
+        })
+
+    def test_ops_invalid(self):
+        """api validates descriptions"""
+        response = self.patch(self.api_link, {
+            'ids': self.ids[:1],
+            'ops': [{}],
+        })
+
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json(), [
+            {'id': self.ids[0], 'detail': ['undefined op']},
+        ])
+
+    def test_anonymous_user(self):
+        """anonymous users can't use bulk actions"""
+        self.logout_user()
+
+        response = self.patch(self.api_link, {
+            'ids': self.ids[:1],
+            'ops': [{}],
+        })
+        self.assertEqual(response.status_code, 403)
+
+
+class ThreadAddAclApiTests(ThreadsBulkPatchApiTestCase):
+    def test_add_acl_true(self):
+        """api adds current threads acl to response"""
+        response = self.patch(self.api_link,
+            {
+            'ids': self.ids,
+            'ops': [
+                {
+                    'op': 'add',
+                    'path': 'acl',
+                    'value': True,
+                },
+            ]
+        })
+        self.assertEqual(response.status_code, 200)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertTrue(response_json[i]['acl'])
+
+
+class BulkThreadChangeTitleApiTests(ThreadsBulkPatchApiTestCase):
+    def test_change_thread_title(self):
+        """api changes thread title and resyncs the category"""
+        self.override_acl({'can_edit_threads': 2})
+
+        response = self.patch(
+            self.api_link,
+            {
+                'ids': self.ids,
+                'ops': [
+                    {
+                        'op': 'replace',
+                        'path': 'title',
+                        'value': 'Changed the title!',
+                    },
+                ]
+            }
+        )
+        self.assertEqual(response.status_code, 200)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertEqual(response_json[i]['title'], 'Changed the title!')
+
+        for thread in Thread.objects.filter(id__in=self.ids):
+            self.assertEqual(thread.title, 'Changed the title!')
+
+        category = Category.objects.get(pk=self.category.pk)
+        self.assertEqual(category.last_thread_title, 'Changed the title!')
+
+    def test_change_thread_title_no_permission(self):
+        """api validates permission to change title, returns errors"""
+        self.override_acl({'can_edit_threads': 0})
+
+        response = self.patch(
+            self.api_link,
+            {
+                'ids': self.ids,
+                'ops': [
+                    {
+                        'op': 'replace',
+                        'path': 'title',
+                        'value': 'Changed the title!',
+                    },
+                ]
+            }
+        )
+        self.assertEqual(response.status_code, 400)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertEqual(
+                response_json[i]['detail'],
+                ["You can't edit threads in this category."],
+            )
+
+
+class BulkThreadMoveApiTests(ThreadsBulkPatchApiTestCase):
+    def setUp(self):
+        super(BulkThreadMoveApiTests, self).setUp()
+
+        Category(
+            name='Category B',
+            slug='category-b',
+        ).insert_at(
+            self.category,
+            position='last-child',
+            save=True,
+        )
+        self.category_b = Category.objects.get(slug='category-b')
+
+    def override_other_acl(self, acl):
+        other_category_acl = self.user.acl_cache['categories'][self.category.pk].copy()
+        other_category_acl.update({
+            'can_see': 1,
+            'can_browse': 1,
+            'can_see_all_threads': 1,
+            'can_see_own_threads': 0,
+            'can_hide_threads': 0,
+            'can_approve_content': 0,
+        })
+        other_category_acl.update(acl)
+
+        categories_acl = self.user.acl_cache['categories']
+        categories_acl[self.category_b.pk] = other_category_acl
+
+        visible_categories = [self.category.pk]
+        if other_category_acl['can_see']:
+            visible_categories.append(self.category_b.pk)
+
+        override_acl(
+            self.user, {
+                'visible_categories': visible_categories,
+                'categories': categories_acl,
+            }
+        )
+
+    def test_move_thread(self):
+        """api moves threads to other category and syncs both categories"""
+        self.override_acl({'can_move_threads': True})
+        self.override_other_acl({'can_start_threads': 2})
+
+        response = self.patch(
+            self.api_link,
+            {
+                'ids': self.ids,
+                'ops': [
+                    {
+                        'op': 'replace',
+                        'path': 'category',
+                        'value': self.category_b.pk,
+                    },
+                    {
+                        'op': 'replace',
+                        'path': 'flatten-categories',
+                        'value': None,
+                    },
+                ]
+            }
+        )
+        self.assertEqual(response.status_code, 200)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertEqual(response_json[i]['category'], self.category_b.pk)
+
+        for thread in Thread.objects.filter(id__in=self.ids):
+            self.assertEqual(thread.category_id, self.category_b.pk)
+
+        category = Category.objects.get(pk=self.category.pk)
+        self.assertEqual(category.threads, self.category.threads - 3)
+
+        new_category = Category.objects.get(pk=self.category_b.pk)
+        self.assertEqual(new_category.threads, 3)
+
+
+class BulkThreadsHideApiTests(ThreadsBulkPatchApiTestCase):
+    def test_hide_thread(self):
+        """api makes it possible to hide thread"""
+        self.override_acl({'can_hide_threads': 1})
+
+        response = self.patch(
+            self.api_link,
+            {
+                'ids': self.ids,
+                'ops': [
+                    {
+                    'op': 'replace',
+                    'path': 'is-hidden',
+                    'value': True,
+                    },
+                ]
+            }
+        )
+        self.assertEqual(response.status_code, 200)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertTrue(response_json[i]['is_hidden'])
+
+        for thread in Thread.objects.filter(id__in=self.ids):
+            self.assertTrue(thread.is_hidden)
+
+        category = Category.objects.get(pk=self.category.pk)
+        self.assertNotIn(category.last_thread_id, self.ids)
+
+
+class BulkThreadsApproveApiTests(ThreadsBulkPatchApiTestCase):
+    def test_approve_thread(self):
+        """api approvse threads and syncs category"""
+        for thread in self.threads:
+            thread.first_post.is_unapproved = True
+            thread.first_post.save()
+
+            thread.synchronize()
+            thread.save()
+
+            self.assertTrue(thread.is_unapproved)
+            self.assertTrue(thread.has_unapproved_posts)
+
+        self.category.synchronize()
+        self.category.save()
+
+        self.override_acl({'can_approve_content': 1})
+
+        response = self.patch(
+            self.api_link,
+            {
+                'ids': self.ids,
+                'ops': [
+                    {
+                    'op': 'replace',
+                    'path': 'is-unapproved',
+                    'value': False,
+                    },
+                ]
+            }
+        )
+        self.assertEqual(response.status_code, 200)
+
+        response_json = response.json()
+        for i, thread in enumerate(self.threads):
+            self.assertEqual(response_json[i]['id'], thread.id)
+            self.assertFalse(response_json[i]['is_unapproved'])
+            self.assertFalse(response_json[i]['has_unapproved_posts'])
+
+        for thread in Thread.objects.filter(id__in=self.ids):
+            self.assertFalse(thread.is_unapproved)
+            self.assertFalse(thread.has_unapproved_posts)
+
+        category = Category.objects.get(pk=self.category.pk)
+        self.assertIn(category.last_thread_id, self.ids)

misago/threads/tests/test_thread_postbulkpatch_api.py

@@ -10,7 +10,7 @@ from django.utils import timezone
 from misago.acl.testutils import override_acl
 from misago.categories.models import Category
 from misago.threads import testutils
-from misago.threads.models import Post
+from misago.threads.models import Post, Thread
 from misago.users.testutils import AuthenticatedUserTestCase
 
 
@@ -145,23 +145,6 @@ class BulkPatchSerializerTests(ThreadPostBulkPatchApiTestCase):
             ],
         })
 
-    def test_invalid_id(self):
-        """api rejects too large input"""
-        response = self.patch(self.api_link, {
-            'ids': [i + 1 for i in range(200)],
-            'ops': [{} for i in range(200)],
-        })
-
-        self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.json(), {
-            'ids': [
-                "Ensure this field has no more than 24 elements.",
-            ],
-            'ops': [
-                "Ensure this field has no more than 10 elements.",
-            ],
-        })
-
     def test_posts_not_found(self):
         """api fails to find posts"""
         posts = [
@@ -220,7 +203,7 @@ class BulkPatchSerializerTests(ThreadPostBulkPatchApiTestCase):
 
 class PostsAddAclApiTests(ThreadPostBulkPatchApiTestCase):
     def test_add_acl_true(self):
-        """api adds current event's acl to response"""
+        """api adds posts acls to response"""
         response = self.patch(self.api_link, {
             'ids': self.ids,
             'ops': [
@@ -238,29 +221,10 @@ class PostsAddAclApiTests(ThreadPostBulkPatchApiTestCase):
             self.assertEqual(response_json[i]['id'], post.id)
             self.assertTrue(response_json[i]['acl'])
 
-    def test_add_acl_false(self):
-        """if value is false, api won't add acl to the response, but will set empty key"""
-        response = self.patch(self.api_link, {
-            'ids': self.ids,
-            'ops': [
-                {
-                    'op': 'add',
-                    'path': 'acl',
-                    'value': False,
-                },
-            ]
-        })
-        self.assertEqual(response.status_code, 200)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertIsNone(response_json[i]['acl'])
-
 
 class BulkPostProtectApiTests(ThreadPostBulkPatchApiTestCase):
     def test_protect_post(self):
-        """api makes it possible to protect post"""
+        """api makes it possible to protect posts"""
         self.override_acl({
             'can_protect_posts': 1,
             'can_edit_posts': 2,
@@ -288,41 +252,8 @@ class BulkPostProtectApiTests(ThreadPostBulkPatchApiTestCase):
         for post in Post.objects.filter(id__in=self.ids):
             self.assertTrue(post.is_protected)
 
-    def test_unprotect_post(self):
-        """api makes it possible to unprotect protected post"""
-        self.override_acl({
-            'can_protect_posts': 1,
-            'can_edit_posts': 2,
-        })
-
-        for post in self.posts:
-            post.is_protected = True
-            post.save()
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-protected',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 200)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertFalse(response_json[i]['is_protected'])
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertFalse(post.is_protected)
-
     def test_protect_post_no_permission(self):
-        """api validates permission to protect post"""
+        """api validates permission to protect posts and returns errors"""
         self.override_acl({'can_protect_posts': 0})
 
         response = self.patch(
@@ -350,116 +281,19 @@ class BulkPostProtectApiTests(ThreadPostBulkPatchApiTestCase):
         for post in Post.objects.filter(id__in=self.ids):
             self.assertFalse(post.is_protected)
 
-    def test_unprotect_post_no_permission(self):
-        """api validates permission to unprotect post"""
-        for post in self.posts:
-            post.is_protected = True
-            post.save()
-
-        self.override_acl({'can_protect_posts': 0})
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-protected',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["You can't protect posts in this category."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_protected)
-
-    def test_protect_post_not_editable(self):
-        """api validates if we can edit post we want to protect"""
-        self.override_acl({
-            'can_protect_posts': 1,
-            'can_edit_posts': 0,
-        })
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-protected',
-                        'value': True,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["You can't protect posts you can't edit."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertFalse(post.is_protected)
-
-    def test_unprotect_post_not_editable(self):
-        """api validates if we can edit post we want to protect"""
-        for post in self.posts:
-            post.is_protected = True
-            post.save()
 
-
-        self.override_acl({
-            'can_protect_posts': 1,
-            'can_edit_posts': 0,
-        })
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-protected',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["You can't protect posts you can't edit."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_protected)
-
-
-class PostsApproveApiTests(ThreadPostBulkPatchApiTestCase):
+class BulkPostsApproveApiTests(ThreadPostBulkPatchApiTestCase):
     def test_approve_post(self):
-        """api makes it possible to approve post"""
+        """api resyncs thread and categories on posts approval"""
         for post in self.posts:
             post.is_unapproved = True
             post.save()
 
+        self.thread.synchronize()
+        self.thread.save()
+
+        self.assertNotIn(self.thread.last_post_id, self.ids)
+
         self.override_acl({'can_approve_content': 1})
 
         response = self.patch(
@@ -484,214 +318,8 @@ class PostsApproveApiTests(ThreadPostBulkPatchApiTestCase):
         for post in Post.objects.filter(id__in=self.ids):
             self.assertFalse(post.is_unapproved)
 
-    def test_unapprove_post(self):
-        """unapproving posts is not supported by api"""
-        self.override_acl({'can_approve_content': 1})
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': True,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["Content approval can't be reversed."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertFalse(post.is_unapproved)
-
-    def test_approve_post_no_permission(self):
-        """api validates approval permission"""
-        for post in self.posts:
-            post.poster = self.user
-            post.is_unapproved = True
-            post.save()
-
-        self.override_acl({'can_approve_content': 0})
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["You can't approve posts in this category."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_unapproved)
-
-    def test_approve_post_closed_thread_no_permission(self):
-        """api validates approval permission in closed threads"""
-        for post in self.posts:
-            post.is_unapproved = True
-            post.save()
-
-        self.thread.is_closed = True
-        self.thread.save()
-
-        self.override_acl({
-            'can_approve_content': 1,
-            'can_close_threads': 0,
-        })
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["This thread is closed. You can't approve posts in it."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_unapproved)
-
-    def test_approve_post_closed_category_no_permission(self):
-        """api validates approval permission in closed categories"""
-        for post in self.posts:
-            post.is_unapproved = True
-            post.save()
-
-        self.category.is_closed = True
-        self.category.save()
+        thread = Thread.objects.get(pk=self.thread.pk)
+        self.assertIn(thread.last_post_id, self.ids)
 
-        self.override_acl({
-            'can_approve_content': 1,
-            'can_close_threads': 0,
-        })
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["This category is closed. You can't approve posts in it."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_unapproved)
-
-    def test_approve_first_post(self):
-        """api approve first post fails"""
-        for post in self.posts:
-            post.is_unapproved = True
-            post.save()
-
-        self.thread.set_first_post(self.posts[0])
-        self.thread.save()
-
-        self.override_acl({'can_approve_content': 1})
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        self.assertEqual(response_json[0], {
-            'id': self.posts[0].id,
-            'detail': ["You can't approve thread's first post."],
-        })
-
-        for post in Post.objects.filter(id__in=self.ids):
-            if post.id == self.ids[0]:
-                self.assertTrue(post.is_unapproved)
-            else:
-                self.assertFalse(post.is_unapproved)
-
-    def test_approve_hidden_post(self):
-        """api approve hidden post fails"""
-        for post in self.posts:
-            post.is_unapproved = True
-            post.is_hidden = True
-            post.save()
-
-        self.override_acl({'can_approve_content': 1})
-
-        response = self.patch(
-            self.api_link, {
-                'ids': self.ids,
-                'ops': [
-                    {
-                        'op': 'replace',
-                        'path': 'is-unapproved',
-                        'value': False,
-                    },
-                ]
-            }
-        )
-        self.assertEqual(response.status_code, 400)
-
-        response_json = response.json()
-        for i, post in enumerate(self.posts):
-            self.assertEqual(response_json[i]['id'], post.id)
-            self.assertEqual(
-                response_json[i]['detail'],
-                ["You can't approve posts the content you can't see."],
-            )
-
-        for post in Post.objects.filter(id__in=self.ids):
-            self.assertTrue(post.is_unapproved)
+        category = Category.objects.get(pk=self.category.pk)
+        self.assertEqual(category.posts, 4)