Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0f2c443f6f
Branches Tags
Misago
/
misago
/
threads
/
tests
/
test_thread_postdelete_api.py

test_thread_postdelete_api.py 7.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225 
  1. from datetime import timedelta
    2. 

  2. 

  3. from django.urls import reverse
    4. 

  4. from django.utils import timezone
    5. 

  5. 

  6. from misago.threads import testutils
    7. 

  7. from misago.threads.models import Post, Thread
    8. 

  8. 

  9. from .test_threads_api import ThreadsApiTestCase
    10. 

  10. 

  11. 

  12. class PostDeleteApiTests(ThreadsApiTestCase):
    13. 

  13.     def setUp(self):
    14. 

  14.         super(PostDeleteApiTests, self).setUp()
    15. 

  15. 

  16.         self.post = testutils.reply_thread(self.thread, poster=self.user)
    17. 

  17. 

  18.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    19. 

  19.             'thread_pk': self.thread.pk,
    20. 

  20.             'pk': self.post.pk
    21. 

  21.         })
    22. 

  22. 

  23.     def test_delete_anonymous(self):
    24. 

  24.         """api validates if deleting user is authenticated"""
    25. 

  25.         self.logout_user()
    26. 

  26. 

  27.         response = self.client.delete(self.api_link)
    28. 

  28.         self.assertContains(response, "This action is not available to guests.", status_code=403)
    29. 

  29. 

  30.     def test_no_permission(self):
    31. 

  31.         """api validates permission to delete post"""
    32. 

  32.         self.override_acl({
    33. 

  33.             'can_hide_own_posts': 1,
    34. 

  34.             'can_hide_posts': 1
    35. 

  35.         })
    36. 

  36. 

  37.         response = self.client.delete(self.api_link)
    38. 

  38.         self.assertContains(response, "You can't delete posts in this category.", status_code=403)
    39. 

  39. 

  40.     def test_delete_other_user_post_no_permission(self):
    41. 

  41.         """api valdiates if user can delete other users posts"""
    42. 

  42.         self.override_acl({
    43. 

  43.             'post_edit_time': 0,
    44. 

  44.             'can_hide_own_posts': 2,
    45. 

  45.             'can_hide_posts': 0
    46. 

  46.         })
    47. 

  47. 

  48.         self.post.poster = None
    49. 

  49.         self.post.save()
    50. 

  50. 

  51.         response = self.client.delete(self.api_link)
    52. 

  52.         self.assertContains(
    53. 

  53.             response, "You can't delete other users posts in this category", status_code=403)
    54. 

  54. 

  55.     def test_delete_protected_post_no_permission(self):
    56. 

  56.         """api validates if user can delete protected post"""
    57. 

  57.         self.override_acl({
    58. 

  58.             'can_protect_posts': 0,
    59. 

  59.             'can_hide_own_posts': 2,
    60. 

  60.             'can_hide_posts': 0,
    61. 

  61.         })
    62. 

  62. 

  63.         self.post.is_protected = True
    64. 

  64.         self.post.save()
    65. 

  65. 

  66.         response = self.client.delete(self.api_link)
    67. 

  67.         self.assertContains(
    68. 

  68.             response, "This post is protected. You can't delete it.", status_code=403)
    69. 

  69. 

  70.     def test_delete_protected_post_after_edit_time(self):
    71. 

  71.         """api validates if user can delete delete post after edit time"""
    72. 

  72.         self.override_acl({
    73. 

  73.             'post_edit_time': 1,
    74. 

  74.             'can_hide_own_posts': 2,
    75. 

  75.             'can_hide_posts': 0,
    76. 

  76.         })
    77. 

  77. 

  78.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    79. 

  79.         self.post.save()
    80. 

  80. 

  81.         response = self.client.delete(self.api_link)
    82. 

  82.         self.assertContains(
    83. 

  83.             response, "You can't delete posts that are older than 1 minute.", status_code=403)
    84. 

  84. 

  85.     def test_delete_post_closed_thread_no_permission(self):
    86. 

  86.         """api valdiates if user can delete posts in closed threads"""
    87. 

  87.         self.override_acl({
    88. 

  88.             'can_hide_own_posts': 2,
    89. 

  89.             'can_hide_posts': 0,
    90. 

  90.         })
    91. 

  91. 

  92.         self.thread.is_closed = True
    93. 

  93.         self.thread.save()
    94. 

  94.         self.post.save()
    95. 

  95. 

  96.         response = self.client.delete(self.api_link)
    97. 

  97.         self.assertContains(
    98. 

  98.             response, "This thread is closed. You can't delete posts in it.", status_code=403)
    99. 

  99. 

  100.     def test_delete_post_closed_category_no_permission(self):
    101. 

  101.         """api valdiates if user can delete posts in closed categories"""
    102. 

  102.         self.override_acl({
    103. 

  103.             'can_hide_own_posts': 2,
    104. 

  104.             'can_hide_posts': 0,
    105. 

  105.         })
    106. 

  106. 

  107.         self.category.is_closed = True
    108. 

  108.         self.category.save()
    109. 

  109.         self.post.save()
    110. 

  110. 

  111.         response = self.client.delete(self.api_link)
    112. 

  112.         self.assertContains(
    113. 

  113.             response, "This category is closed. You can't delete posts in it.", status_code=403)
    114. 

  114. 

  115.     def test_delete_first_post(self):
    116. 

  116.         """api disallows first post's deletion"""
    117. 

  117.         self.override_acl({
    118. 

  118.             'can_hide_own_posts': 2,
    119. 

  119.             'can_hide_posts': 2
    120. 

  120.         })
    121. 

  121. 

  122.         api_link = reverse('misago:api:thread-post-detail', kwargs={
    123. 

  123.             'thread_pk': self.thread.pk,
    124. 

  124.             'pk': self.thread.first_post_id
    125. 

  125.         })
    126. 

  126. 

  127.         response = self.client.delete(api_link)
    128. 

  128.         self.assertContains(response, "You can't delete thread's first post.", status_code=403)
    129. 

  129. 

  130.     def test_delete_event(self):
    131. 

  131.         """api differs posts from events"""
    132. 

  132.         self.override_acl({
    133. 

  133.             'can_hide_own_posts': 2,
    134. 

  134.             'can_hide_posts': 2,
    135. 

  135. 

  136.             'can_hide_events': 0
    137. 

  137.         })
    138. 

  138. 

  139.         self.post.is_event = True
    140. 

  140.         self.post.save()
    141. 

  141. 

  142.         response = self.client.delete(self.api_link)
    143. 

  143.         self.assertContains(response, "You can't delete events in this category.", status_code=403)
    144. 

  144. 

  145.     def test_delete_owned_post(self):
    146. 

  146.         """api deletes owned thread post"""
    147. 

  147.         self.override_acl({
    148. 

  148.             'post_edit_time': 0,
    149. 

  149.             'can_hide_own_posts': 2,
    150. 

  150.             'can_hide_posts': 0
    151. 

  151.         })
    152. 

  152. 

  153.         response = self.client.delete(self.api_link)
    154. 

  154.         self.assertEqual(response.status_code, 200)
    155. 

  155. 

  156.         self.thread = Thread.objects.get(pk=self.thread.pk)
    157. 

  157. 

  158.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    159. 

  159.         with self.assertRaises(Post.DoesNotExist):
    160. 

  160.             self.thread.post_set.get(pk=self.post.pk)
    161. 

  161. 

  162.     def test_delete_post(self):
    163. 

  163.         """api deletes thread post"""
    164. 

  164.         self.override_acl({
    165. 

  165.             'can_hide_own_posts': 0,
    166. 

  166.             'can_hide_posts': 2
    167. 

  167.         })
    168. 

  168. 

  169.         response = self.client.delete(self.api_link)
    170. 

  170.         self.assertEqual(response.status_code, 200)
    171. 

  171. 

  172.         self.thread = Thread.objects.get(pk=self.thread.pk)
    173. 

  173. 

  174.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    175. 

  175.         with self.assertRaises(Post.DoesNotExist):
    176. 

  176.             self.thread.post_set.get(pk=self.post.pk)
    177. 

  177. 

  178. 

  179. class EventDeleteApiTests(ThreadsApiTestCase):
    180. 

  180.     def setUp(self):
    181. 

  181.         super(EventDeleteApiTests, self).setUp()
    182. 

  182. 

  183.         self.event = testutils.reply_thread(self.thread, poster=self.user, is_event=True)
    184. 

  184. 

  185.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    186. 

  186.             'thread_pk': self.thread.pk,
    187. 

  187.             'pk': self.event.pk
    188. 

  188.         })
    189. 

  189. 

  190.     def test_delete_anonymous(self):
    191. 

  191.         """api validates if deleting user is authenticated"""
    192. 

  192.         self.logout_user()
    193. 

  193. 

  194.         response = self.client.delete(self.api_link)
    195. 

  195.         self.assertContains(response, "This action is not available to guests.", status_code=403)
    196. 

  196. 

  197.     def test_no_permission(self):
    198. 

  198.         """api validates permission to delete event"""
    199. 

  199.         self.override_acl({
    200. 

  200.             'can_hide_own_posts': 2,
    201. 

  201.             'can_hide_posts': 2,
    202. 

  202. 

  203.             'can_hide_events': 0
    204. 

  204.         })
    205. 

  205. 

  206.         response = self.client.delete(self.api_link)
    207. 

  207.         self.assertContains(response, "You can't delete events in this category.", status_code=403)
    208. 

  208. 

  209.     def test_delete_event(self):
    210. 

  210.         """api differs posts from events"""
    211. 

  211.         self.override_acl({
    212. 

  212.             'can_hide_own_posts': 0,
    213. 

  213.             'can_hide_posts': 0,
    214. 

  214. 

  215.             'can_hide_events': 2
    216. 

  216.         })
    217. 

  217. 

  218.         response = self.client.delete(self.api_link)
    219. 

  219.         self.assertEqual(response.status_code, 200)
    220. 

  220. 

  221.         self.thread = Thread.objects.get(pk=self.thread.pk)
    222. 

  222. 

  223.         self.assertNotEqual(self.thread.last_post_id, self.event.pk)
    224. 

  224.         with self.assertRaises(Post.DoesNotExist):
    225. 

  225.             self.thread.post_set.get(pk=self.event.pk)
    226.