
profile moderation api tests

Rafał Pitoń 9 years ago
parent
commit
8ab98adeab

+ 2 - 2
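--- a/misago/core/forms.py
+++ b/misago/core/forms.py
@@ -20,7 +20,7 @@ Fields
 class YesNoSwitchBase(TypedChoiceField):
     def prepare_value(self, value):
         """normalize bools to binary 1/0 so field works on them too"""
-        return 1 if value in [True, 'True', 1, '1'] else 0
+        return value in (True, 'True', 'true', 1, '1')
 
     def clean(self, value):
         return self.prepare_value(value)
@@ -103,7 +103,7 @@ class AutoStripWhitespacesMixin(object):
             if (field.__class__ in TEXT_BASED_FIELDS and
                     not name in self.autostrip_exclude):
                 try:
-                    self.data[name] = self.data[name].strip()
+                    self.data[name] = (self.data[name] or '').strip()
                 except KeyError:
                     pass
         return super(AutoStripWhitespacesMixin, self).full_clean()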
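Review bot: The new `(self.data[name] or '').strip()` in the second hunk still assumes the submitted value is a string: a truthy non-string (for example a number or list arriving in a JSON body) reaches `.strip()` and raises `AttributeError`, which the `except KeyError` does not catch, while a falsy non-string such as `0` or `False` is silently rewritten to `''`. Stripping only real strings keeps malformed client input on the field-validation path, e.g. `value = self.data[name]` followed by `if isinstance(value, basestring): self.data[name] = value.strip()` (Python 2 spelling; use the project's string-type alias if it has one). The enclosing method starts above this hunk, so whether `self.data` can hold non-string values here should be confirmed against its callers. Separately, `prepare_value` in the first hunk now returns a bool, so its docstring's "binary 1/0" is stale.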

+ 9 - 7
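--- a/misago/core/tests/test_forms.py
+++ b/misago/core/tests/test_forms.py
@@ -29,13 +29,15 @@ class YesNoForm(forms.Form):
 class YesNoSwitchTests(TestCase):
     def test_valid_inputs(self):
         """YesNoSwitch returns valid values for valid input"""
-        form = YesNoForm({'test_field': u'1'})
-        form.full_clean()
-        self.assertEqual(form.cleaned_data['test_field'], 1)
-
-        form = YesNoForm({'test_field': u'0'})
-        form.full_clean()
-        self.assertEqual(form.cleaned_data['test_field'], 0)
+        for true in ('1', 'True', 'true', 1, True):
+            form = YesNoForm({'test_field': true})
+            form.full_clean()
+            self.assertEqual(form.cleaned_data['test_field'], 1)
+
+        for false in ('0', 'False', 'false', 'egebege', False, 0):
+            form = YesNoForm({'test_field': false})
+            form.full_clean()
+            self.assertEqual(form.cleaned_data['test_field'], 0)
 
     def test_dontstripme_input_is_ignored(self):
         """YesNoSwitch returns valid values for invalid input"""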
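Review bot: `self.assertEqual(form.cleaned_data['test_field'], 1)` in the new loops also passes when the cleaned value is `True`, so the test no longer pins whether the field cleans to an int or a bool, and `prepare_value` in this same commit now returns a bool. If callers rely on the type, assert it explicitly, e.g. `self.assertIs(form.cleaned_data['test_field'], True)` (or the int form, whichever is intended). The loop variables `true` and `false` read like literals; names such as `truthy_input` and `falsy_input` would be clearer. `'egebege'` is an invalid value inside `test_valid_inputs` and looks like it belongs with the invalid-input test that follows, whose body is outside this hunk.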

+ 3 - 1
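--- a/misago/users/api/users.py
+++ b/misago/users/api/users.py
@@ -1,3 +1,5 @@
+from distutils.util import strtobool
+
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied
@@ -187,7 +189,7 @@ class UserViewSet(viewsets.GenericViewSet):
             with transaction.atomic():
                 profile.lock()
 
-                if request.data.get('with_content'):
+                if strtobool(request.data.get('with_content', '')):
                     profile.delete_content()
                 else:
                     forums_to_sync = set()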
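Review bot: `strtobool(request.data.get('with_content', ''))` raises `ValueError` whenever `with_content` is absent, because the empty-string default is not one of `strtobool`'s accepted values, and it raises the same way for any other unrecognised client value; a JSON body carrying a real boolean would fail earlier, on `.lower()`. This flag chooses between deleting a user's content and keeping it, so an unparseable value should be rejected as a client error rather than surfacing as an unhandled exception inside `transaction.atomic()`. Parse it before the destructive branch, e.g. `raw = request.data.get('with_content', 'false')` and `with_content = strtobool(str(raw))` inside a `try/except ValueError` that returns a 400 response. The view method starts and ends outside this hunk, so the exact error-response convention should follow the rest of the viewset. `distutils` is deprecated in later Python releases, which is another reason to prefer a small local parser.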

+ 1 - 1
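--- a/misago/users/permissions/delete.py
+++ b/misago/users/permissions/delete.py
@@ -71,7 +71,7 @@ ACL tests
 def allow_delete_user(user, target):
     newer_than = user.acl['can_delete_users_newer_than']
     less_posts_than = user.acl['can_delete_users_with_less_posts_than']
-    if not (newer_than or less_posts_than):
+    if not newer_than and not less_posts_than:
         raise PermissionDenied(_("You can't delete users."))
 
     if user.pk == target.pk: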

+ 115 - 0
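--- a/misago/users/tests/test_user_avatar_api.py
+++ b/misago/users/tests/test_user_avatar_api.py
@@ -4,6 +4,7 @@ from path import Path
 from django.contrib.auth import get_user_model
 from django.core.urlresolvers import reverse
 
+from misago.acl.testutils import override_acl
 from misago.conf import settings
 
 from misago.users.avatars import store
@@ -214,3 +215,117 @@ class UserAvatarTests(AuthenticatedUserTestCase):
 
                 self.assertEqual(response.status_code, 200)
                 self.assertIn('Avatar from gallery was set.', response.content)
+
+
+class UserAvatarModerationTests(AuthenticatedUserTestCase):
+    """
+    tests for moderate user avatar RPC (/api/users/1/moderate-avatar/)
+    """
+    def setUp(self):
+        super(UserAvatarModerationTests, self).setUp()
+
+        User = get_user_model()
+        self.other_user = User.objects.create_user(
+            "OtherUser", "other@user.com", "pass123")
+
+        self.link = '/api/users/%s/moderate-avatar/' % self.other_user.pk
+
+    def test_no_permission(self):
+        """no permission to moderate avatar"""
+        override_acl(self.user, {
+            'can_moderate_avatars': 0,
+        })
+
+        response = self.client.get(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't moderate avatars", response.content)
+
+        override_acl(self.user, {
+            'can_moderate_avatars': 0,
+        })
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't moderate avatars", response.content)
+
+    def test_moderate_avatar(self):
+        """moderate avatar"""
+        override_acl(self.user, {
+            'can_moderate_avatars': 1,
+        })
+
+        response = self.client.get(self.link)
+        self.assertEqual(response.status_code, 200)
+
+        options = json.loads(response.content)
+        self.assertEqual(options['is_avatar_locked'],
+                         self.other_user.is_avatar_locked)
+        self.assertEqual(options['avatar_lock_user_message'],
+                         self.other_user.avatar_lock_user_message)
+        self.assertEqual(options['avatar_lock_staff_message'],
+                         self.other_user.avatar_lock_staff_message)
+
+        override_acl(self.user, {
+            'can_moderate_avatars': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'is_avatar_locked': True,
+                'avatar_lock_user_message': "Test user message.",
+                'avatar_lock_staff_message': "Test staff message.",
+            }),
+            content_type="application/json")
+        self.assertEqual(response.status_code, 200)
+
+        User = get_user_model()
+        other_user = User.objects.get(pk=self.other_user.pk)
+
+        options = json.loads(response.content)
+        self.assertEqual(other_user.is_avatar_locked, True)
+        self.assertEqual(
+            other_user.avatar_lock_user_message, "Test user message.")
+        self.assertEqual(
+            other_user.avatar_lock_staff_message, "Test staff message.")
+
+        self.assertEqual(options['avatar_hash'],
+                         other_user.avatar_hash)
+        self.assertEqual(options['is_avatar_locked'],
+                         other_user.is_avatar_locked)
+        self.assertEqual(options['avatar_lock_user_message'],
+                         other_user.avatar_lock_user_message)
+        self.assertEqual(options['avatar_lock_staff_message'],
+                         other_user.avatar_lock_staff_message)
+
+        override_acl(self.user, {
+            'can_moderate_avatars': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'is_avatar_locked': False,
+                'avatar_lock_user_message': None,
+                'avatar_lock_staff_message': None,
+            }),
+            content_type="application/json")
+        self.assertEqual(response.status_code, 200)
+
+        other_user = User.objects.get(pk=self.other_user.pk)
+
+        options = json.loads(response.content)
+        self.assertEqual(options['avatar_hash'],
+                         other_user.avatar_hash)
+        self.assertEqual(options['is_avatar_locked'],
+                         other_user.is_avatar_locked)
+        self.assertEqual(options['avatar_lock_user_message'],
+                         other_user.avatar_lock_user_message)
+        self.assertEqual(options['avatar_lock_staff_message'],
+                         other_user.avatar_lock_staff_message)
+
+    def test_moderate_own_avatar(self):
+        """moderate own avatar"""
+        override_acl(self.user, {
+            'can_moderate_avatars': 1,
+        })
+
+        response = self.client.get(
+            '/api/users/%s/moderate-avatar/' % self.user.pk)
+        self.assertEqual(response.status_code, 200)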
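Review bot: The only negative authorization case in `UserAvatarModerationTests` is `test_no_permission` with `can_moderate_avatars` set to 0; nothing exercises an anonymous client or a staff or superuser target, and `test_moderate_own_avatar` checks GET only. For an endpoint that lets one account lock another account's avatar, those refusals are the behaviour most worth pinning. Whether staff targets are meant to be refused is not visible in this diff, so confirm the intended policy and add a test that asserts it either way. The POST cases also send only well-formed bodies; a request with a non-boolean `is_avatar_locked` would document how invalid input is rejected.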

+ 117 - 0
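--- a/misago/users/tests/test_user_username_api.py
+++ b/misago/users/tests/test_user_username_api.py
@@ -98,3 +98,120 @@ class UserUsernameTests(AuthenticatedUserTestCase):
 
         self.assertEqual(self.user.namechanges.last().new_username,
                          new_username)
+
+
+class UserUsernameModerationTests(AuthenticatedUserTestCase):
+    """
+    tests for moderate username RPC (/api/users/1/moderate-username/)
+    """
+    def setUp(self):
+        super(UserUsernameModerationTests, self).setUp()
+
+        User = get_user_model()
+        self.other_user = User.objects.create_user(
+            "OtherUser", "other@user.com", "pass123")
+
+        self.link = '/api/users/%s/moderate-username/' % self.other_user.pk
+
+    def test_no_permission(self):
+        """no permission to moderate avatar"""
+        override_acl(self.user, {
+            'can_rename_users': 0,
+        })
+
+        response = self.client.get(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't rename users", response.content)
+
+        override_acl(self.user, {
+            'can_rename_users': 0,
+        })
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't rename users", response.content)
+
+    def test_moderate_username(self):
+        """moderate username"""
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.get(self.link)
+        self.assertEqual(response.status_code, 200)
+
+        options = json.loads(response.content)
+        self.assertEqual(options['length_min'],
+                         settings.username_length_min)
+        self.assertEqual(options['length_max'],
+                         settings.username_length_max)
+
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'username': '',
+            }),
+            content_type="application/json")
+
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("Enter new username", response.content)
+
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'username': '$$$',
+            }),
+            content_type="application/json")
+
+        self.assertEqual(response.status_code, 400)
+        self.assertIn(
+            "Username can only contain latin alphabet letters and digits.",
+            response.content)
+
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'username': 'a',
+            }),
+            content_type="application/json")
+
+        self.assertEqual(response.status_code, 400)
+        self.assertIn(
+            "Username must be at least 3 characters long.", response.content)
+
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.post(self.link, json.dumps({
+                'username': 'BobBoberson',
+            }),
+            content_type="application/json")
+
+        self.assertEqual(response.status_code, 200)
+
+        User = get_user_model()
+        other_user = User.objects.get(pk=self.other_user.pk)
+
+        self.assertEqual('BobBoberson', other_user.username)
+        self.assertEqual('bobboberson', other_user.slug)
+
+        options = json.loads(response.content)
+        self.assertEqual(options['username'], other_user.username)
+        self.assertEqual(options['slug'], other_user.slug)
+
+    def test_moderate_own_username(self):
+        """moderate own username"""
+        override_acl(self.user, {
+            'can_rename_users': 1,
+        })
+
+        response = self.client.get(
+            '/api/users/%s/moderate-username/' % self.user.pk)
+        self.assertEqual(response.status_code, 200)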
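Review bot: The docstring of `test_no_permission` in `UserUsernameModerationTests` reads `"""no permission to moderate avatar"""`, which looks copied from the avatar tests; it should say `"""no permission to rename users"""`. The new class uses `override_acl`, `json` and `settings`, but this file section adds no import hunk, so confirm the module already imports all three above line 98. `test_moderate_own_username` asserts only that GET returns 200, so a POST that renames the moderator's own account through this route is not covered.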

+ 155 - 0
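--- a/misago/users/tests/test_users_api.py
+++ b/misago/users/tests/test_users_api.py
@@ -1,3 +1,5 @@
+from datetime import timedelta
+
 from django.contrib.auth import get_user_model
 
 from misago.acl.testutils import override_acl
@@ -5,6 +7,7 @@ from misago.conf import settings
 from misago.core import threadstore
 from misago.core.cache import cache
 from misago.forums.models import Forum
+from misago.threads.models import Thread, Post
 from misago.threads.testutils import post_thread
 
 from misago.users.models import Rank
@@ -291,3 +294,155 @@ class UserFollowTests(AuthenticatedUserTestCase):
         self.assertEqual(followed.following, 0)
         self.assertEqual(followed.follows.count(), 0)
         self.assertEqual(followed.followed_by.count(), 0)
+
+
+class UserDeleteTests(AuthenticatedUserTestCase):
+    """
+    tests for user delete RPC (POST to /api/users/1/delete/)
+    """
+    def setUp(self):
+        super(UserDeleteTests, self).setUp()
+
+        User = get_user_model()
+        self.other_user = User.objects.create_user(
+            "OtherUser", "other@user.com", "pass123")
+
+        self.link = '/api/users/%s/delete/' % self.other_user.pk
+
+        self.threads = Thread.objects.count()
+        self.posts = Post.objects.count()
+
+        self.forum = Forum.objects.all_forums().filter(role="forum")[:1][0]
+
+        post_thread(self.forum, poster=self.other_user)
+        self.other_user.posts = 1
+        self.other_user.threads = 1
+        self.other_user.save()
+
+    def test_delete_no_permission(self):
+        """raises 403 error when no permission to delete"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 0,
+            'can_delete_users_with_less_posts_than': 0,
+        })
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete users", response.content)
+
+    def test_delete_too_many_posts(self):
+        """raises 403 error when user has too many posts"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 0,
+            'can_delete_users_with_less_posts_than': 5,
+        })
+
+        self.other_user.posts = 6
+        self.other_user.save()
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete users", response.content)
+
+    def test_delete_too_many_posts(self):
+        """raises 403 error when user has too many posts"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 0,
+            'can_delete_users_with_less_posts_than': 5,
+        })
+
+        self.other_user.posts = 6
+        self.other_user.save()
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete users", response.content)
+        self.assertIn("made more than 5 posts", response.content)
+
+    def test_delete_too_old_member(self):
+        """raises 403 error when user is too old"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 5,
+            'can_delete_users_with_less_posts_than': 0,
+        })
+
+        self.other_user.joined_on -= timedelta(days=6)
+        self.other_user.save()
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete users", response.content)
+        self.assertIn("members for more than 5 days", response.content)
+
+    def test_delete_self(self):
+        """raises 403 error when attempting to delete oneself"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 10,
+            'can_delete_users_with_less_posts_than': 10,
+        })
+
+        response = self.client.post('/api/users/%s/delete/' % self.user.pk)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete yourself", response.content)
+
+    def test_delete_admin(self):
+        """raises 403 error when attempting to delete admin"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 10,
+            'can_delete_users_with_less_posts_than': 10,
+        })
+
+        self.other_user.is_staff = True
+        self.other_user.save()
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete administrators", response.content)
+
+    def test_delete_superadmin(self):
+        """raises 403 error when attempting to delete superadmin"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 10,
+            'can_delete_users_with_less_posts_than': 10,
+        })
+
+        self.other_user.is_superuser = True
+        self.other_user.save()
+
+        response = self.client.post(self.link)
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("can't delete administrators", response.content)
+
+    def test_delete_with_content(self):
+        """returns 200 and deletes user with content"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 10,
+            'can_delete_users_with_less_posts_than': 10,
+        })
+
+        response = self.client.post(self.link, data={'with_content': True})
+        self.assertEqual(response.status_code, 200)
+
+        User = get_user_model()
+        with self.assertRaises(User.DoesNotExist):
+            User.objects.get(pk=self.other_user.pk)
+
+        self.assertEqual(Thread.objects.count(), self.threads)
+        self.assertEqual(Post.objects.count(), self.posts)
+
+    def test_delete_without_content(self):
+        """returns 200 and deletes user without content"""
+        override_acl(self.user, {
+            'can_delete_users_newer_than': 10,
+            'can_delete_users_with_less_posts_than': 10,
+        })
+
+        response = self.client.post(self.link, data={'with_content': False})
+        self.assertEqual(response.status_code, 200)
+
+        User = get_user_model()
+        with self.assertRaises(User.DoesNotExist):
+            User.objects.get(pk=self.other_user.pk)
+
+        self.assertEqual(Thread.objects.count(), self.threads + 1)
+        self.assertEqual(Post.objects.count(), self.posts + 1)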
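Review bot: `test_delete_too_many_posts` is defined twice in `UserDeleteTests`; the second definition replaces the first in the class body, so the first copy never runs. Delete the first copy, since the second is a superset that adds the `"made more than 5 posts"` assertion. The two success tests send `with_content` as form data, so the view receives the strings `'True'` and `'False'`; no test posts without the parameter or with an unrecognised value, which is the path where `strtobool` in `misago/users/api/users.py` raises instead of returning. A test asserting the response status for a missing `with_content` would pin how the delete endpoint treats that input.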