more tests for dj search views

misago/conf/defaults.py

@@ -162,6 +162,7 @@ MISAGO_THREAD_TYPES = (
 )
 
 MISAGO_SEARCH_EXTENSIONS = (
+    'misago.threads.search.SearchThreads',
     'misago.users.search.SearchUsers',
 )
 

misago/search/tests/test_search_views.py

@@ -1,17 +1,11 @@
 from django.urls import reverse
 
 from misago.acl.testutils import override_acl
+from misago.threads.search import SearchThreads
 from misago.users.testutils import AuthenticatedUserTestCase
 
 
 class LandingTests(AuthenticatedUserTestCase):
-    """
-    todo:
-
-    - no search providers registered
-    - no search providers allowed
-    - redirect to first search provider
-    """
     def setUp(self):
         super(LandingTests, self).setUp()
 
@@ -24,16 +18,22 @@ class LandingTests(AuthenticatedUserTestCase):
         })
 
         response = self.client.get(self.test_link)
+
         self.assertContains(
             response, "have permission to search site", status_code=403)
 
+    def test_redirect_to_provider(self):
+        """view validates permission to search forum"""
+        response = self.client.get(self.test_link)
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn(SearchThreads.url, response['location'])
+
 
 class SearchTests(AuthenticatedUserTestCase):
     """
     todo:
 
-    - no search providers registered
-    - search provider name not found
     - search provider disallowed
     - noscript view displayed
     """
@@ -45,5 +45,32 @@ class SearchTests(AuthenticatedUserTestCase):
 
         response = self.client.get(
             reverse('misago:search', kwargs={'search_provider': 'users'}))
+
         self.assertContains(
             response, "have permission to search site", status_code=403)
+
+    def test_not_found(self):
+        """view raises 404 for not found provider"""
+        response = self.client.get(
+            reverse('misago:search', kwargs={'search_provider': 'nada'}))
+
+        self.assertEqual(response.status_code, 404)
+
+    def test_provider_no_permission(self):
+        """provider raises 403 without permission"""
+        override_acl(self.user, {
+            'can_search_users': 0
+        })
+
+        response = self.client.get(
+            reverse('misago:search', kwargs={'search_provider': 'users'}))
+
+        self.assertContains(
+            response, "have permission to search users", status_code=403)
+
+    def test_provider(self):
+        """provider displays no script page"""
+        response = self.client.get(
+            reverse('misago:search', kwargs={'search_provider': 'threads'}))
+
+        self.assertContains(response, "enable JavaScript")

misago/search/tests/testproviders.py

@@ -1,16 +0,0 @@
-from django.core.exceptions import PermissionDenied
-
-from ..search import SearchProvider
-
-
-class AllowedProvider(SearchProvider):
-    name = "Allowed provider"
-    url = 'allowed-provider'
-
-
-class ForbiddenProvider(SearchProvider):
-    name = "Forbidden provider"
-    url = 'forbidden-provider'
-
-    def allow_search(self):
-        raise PermissionDenied("You can't search this, dave")

misago/search/views.py

@@ -18,10 +18,11 @@ def landing(request):
 
 
 def search(request, search_provider):
-    if not request.user.acl['can_search']:
+    all_providers = searchproviders.get_providers(request)
+    if not request.user.acl['can_search'] or not all_providers:
         raise PermissionDenied(_("You don't have permission to search site."))
 
-    for provider in searchproviders.get_providers(request):
+    for provider in all_providers:
         if provider.url == search_provider:
             provider.allow_search()
             break

misago/threads/search.py

@@ -0,0 +1,8 @@
+from django.utils.translation import ugettext_lazy as _
+
+from misago.search import SearchProvider
+
+
+class SearchThreads(SearchProvider):
+    name = _("Threads")
+    url = 'threads'

misago/users/api/userendpoints/list.py

@@ -33,22 +33,26 @@ def active(request):
 
 
 def generic(request):
+    allow_name_search = True
     queryset = get_user_model().objects
+
     if request.query_params.get('followers'):
         user_pk = get_int_or_404(request.query_params.get('followers'))
         queryset = get_object_or_404(queryset, pk=user_pk).followed_by
     elif request.query_params.get('follows'):
         user_pk = get_int_or_404(request.query_params.get('follows'))
         queryset = get_object_or_404(queryset, pk=user_pk).follows
-
-    if request.query_params.get('rank'):
+    elif request.query_params.get('rank'):
         rank_pk = get_int_or_404(request.query_params.get('rank'))
         rank = get_object_or_404(Rank.objects, pk=rank_pk, is_tab=True)
         queryset = queryset.filter(rank=rank)
+        allow_name_search = False
+    else:
+        raise Http404() # don't use this api for searches
 
     if request.query_params.get('name'):
         name_starts_with = request.query_params.get('name').strip().lower()
-        if name_starts_with:
+        if name_starts_with and allow_name_search:
             queryset = queryset.filter(slug__startswith=name_starts_with)
         else:
             raise Http404()

misago/users/permissions/profiles.py

@@ -35,7 +35,6 @@ class LimitedPermissionsForm(forms.Form):
 
     can_browse_users_list = CAN_BROWSE_USERS_LIST
     can_search_users = CAN_SEARCH_USERS
-    can_search_users = CAN_SEARCH_USERS
     can_see_users_name_history = CAN_SEE_USER_NAME_HISTORY
     can_see_ban_details = CAN_SEE_BAN_DETAILS
 

misago/users/search.py

@@ -1,8 +1,14 @@
-from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import PermissionDenied
+from django.utils.translation import ugettext as _, ugettext_lazy
 
 from misago.search import SearchProvider
 
 
 class SearchUsers(SearchProvider):
-    name = _("Search users")
+    name = ugettext_lazy("Users")
     url = 'users'
+
+    def allow_search(self):
+        if not self.request.user.acl['can_search_users']:
+            raise PermissionDenied(
+                _("You don't have permission to search users."))