Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

additional tests for allow_delete_post

Rafał Pitoń 8 years ago
parent
715e4f38d0
commit
ba27a7a0c7
2 changed files with 81 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      misago/threads/permissions/threads.py
  2. 78 0
      misago/threads/tests/test_thread_postdelete_api.py

+ 3 - 2
misago/threads/permissions/threads.py
View File 

@@ -585,6 +585,7 @@ def allow_edit_post(user, target):
 
             raise PermissionDenied(_("This post is protected. You can't edit it."))
 
 
         if not has_time_to_edit_post(user, target):
 
+            raise Exception()
 
             message = ungettext(
 
                 "You can't edit posts that are older than %(minutes)s minute.",
 
                 "You can't edit posts that are older than %(minutes)s minutes.",
 
@@ -685,9 +686,9 @@ def allow_delete_post(user, target):
 
 
         if not category_acl['can_close_threads']:
 
             if target.category.is_closed:
 
-                raise PermissionDenied(_("This category is closed. You can't delete posts from it."))
 
+                raise PermissionDenied(_("This category is closed. You can't delete posts in it."))
 
             if target.thread.is_closed:
 
-                raise PermissionDenied(_("This thread is closed. You can't delete posts from it."))
 
+                raise PermissionDenied(_("This thread is closed. You can't delete posts in it."))
 
 
         if target.is_protected and not category_acl['can_protect_posts']:
 
             raise PermissionDenied(_("This post is protected. You can't delete it."))

+ 78 - 0
misago/threads/tests/test_thread_postdelete_api.py
View File 

@@ -1,4 +1,7 @@
 
+from datetime import timedelta
 
+
 
 from django.urls import reverse
 
+from django.utils import timezone
 
 
 from .. import testutils
 
 from ..models import Post, Thread
 
@@ -33,6 +36,81 @@ class PostDeleteApiTests(ThreadsApiTestCase):
 
         response = self.client.delete(self.api_link)
 
         self.assertContains(response, "You can't delete posts in this category.", status_code=403)
 
 
+    def test_delete_other_user_post_no_permission(self):
 
+        """api valdiates if user can delete other users posts"""
 
+        self.override_acl({
 
+            'post_edit_time': 0,
 
+            'can_hide_own_posts': 2,
 
+            'can_hide_posts': 0
 
+        })
 
+
 
+        self.post.poster = None
 
+        self.post.save()
 
+
 
+        response = self.client.delete(self.api_link)
 
+        self.assertContains(
 
+            response, "You can't delete other users posts in this category", status_code=403)
 
+
 
+    def test_delete_protected_post_no_permission(self):
 
+        """api validates if user can delete protected post"""
 
+        self.override_acl({
 
+            'can_protect_posts': 0,
 
+            'can_hide_own_posts': 2,
 
+            'can_hide_posts': 0,
 
+        })
 
+
 
+        self.post.is_protected = True
 
+        self.post.save()
 
+
 
+        response = self.client.delete(self.api_link)
 
+        self.assertContains(
 
+            response, "This post is protected. You can't delete it.", status_code=403)
 
+
 
+    def test_delete_protected_post_after_edit_time(self):
 
+        """api validates if user can delete delete post after edit time"""
 
+        self.override_acl({
 
+            'post_edit_time': 1,
 
+            'can_hide_own_posts': 2,
 
+            'can_hide_posts': 0,
 
+        })
 
+
 
+        self.post.posted_on = timezone.now() - timedelta(minutes=10)
 
+        self.post.save()
 
+
 
+        response = self.client.delete(self.api_link)
 
+        self.assertContains(
 
+            response, "You can't delete posts that are older than 1 minute.", status_code=403)
 
+
 
+    def test_delete_post_closed_thread_no_permission(self):
 
+        """api valdiates if user can delete posts in closed threads"""
 
+        self.override_acl({
 
+            'can_hide_own_posts': 2,
 
+            'can_hide_posts': 0,
 
+        })
 
+
 
+        self.thread.is_closed = True
 
+        self.thread.save()
 
+        self.post.save()
 
+
 
+        response = self.client.delete(self.api_link)
 
+        self.assertContains(
 
+            response, "This thread is closed. You can't delete posts in it.", status_code=403)
 
+
 
+    def test_delete_post_closed_category_no_permission(self):
 
+        """api valdiates if user can delete posts in closed categories"""
 
+        self.override_acl({
 
+            'can_hide_own_posts': 2,
 
+            'can_hide_posts': 0,
 
+        })
 
+
 
+        self.category.is_closed = True
 
+        self.category.save()
 
+        self.post.save()
 
+
 
+        response = self.client.delete(self.api_link)
 
+        self.assertContains(
 
+            response, "This category is closed. You can't delete posts in it.", status_code=403)
 
+
 
     def test_delete_first_post(self):
 
         """api disallows first post's deletion"""
 
         self.override_acl({