Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5750abf487
Branches Tags
Misago
/
misago
/
threads
/
tests
/
test_threads_bulkdelete_api.py

test_threads_bulkdelete_api.py 6.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. import json
    2. 

  2. 

  3. from django.urls import reverse
    4. 

  4. 

  5. from misago.categories import PRIVATE_THREADS_ROOT_NAME
    6. 

  6. from misago.categories.models import Category
    7. 

  7. from misago.threads import testutils
    8. 

  8. from misago.threads.models import Thread
    9. 

  9. from misago.threads.serializers.moderation import THREADS_LIMIT
    10. 

  10. from misago.threads.test import patch_category_acl
    11. 

  11. from misago.threads.threadtypes import trees_map
    12. 

  12. 

  13. from .test_threads_api import ThreadsApiTestCase
    14. 

  14. 

  15. 

  16. class ThreadsBulkDeleteApiTests(ThreadsApiTestCase):
    17. 

  17.     def setUp(self):
    18. 

  18.         super().setUp()
    19. 

  19. 

  20.         self.api_link = reverse('misago:api:thread-list')
    21. 

  21. 

  22.         self.threads = [
    23. 

  23.             testutils.post_thread(
    24. 

  24.                 category=self.category,
    25. 

  25.                 poster=self.user,
    26. 

  26.             ),
    27. 

  27.             testutils.post_thread(category=self.category),
    28. 

  28.             testutils.post_thread(
    29. 

  29.                 category=self.category,
    30. 

  30.                 poster=self.user,
    31. 

  31.             ),
    32. 

  32.         ]
    33. 

  33. 

  34.     def delete(self, url, data=None):
    35. 

  35.         return self.client.delete(url, json.dumps(data), content_type="application/json")
    36. 

  36. 

  37.     def test_delete_anonymous(self):
    38. 

  38.         """anonymous users can't bulk delete threads"""
    39. 

  39.         self.logout_user()
    40. 

  40. 

  41.         response = self.delete(self.api_link)
    42. 

  42.         self.assertEqual(response.status_code, 403)
    43. 

  43.         self.assertEqual(response.json(), {
    44. 

  44.             "detail": "This action is not available to guests.",
    45. 

  45.         })
    46. 

  46. 

  47.     @patch_category_acl({"can_hide_threads": 2, "can_hide_own_threads": 2})
    48. 

  48.     def test_delete_no_ids(self):
    49. 

  49.         """api requires ids to delete"""
    50. 

  50.         response = self.delete(self.api_link)
    51. 

  51.         self.assertEqual(response.status_code, 403)
    52. 

  52.         self.assertEqual(response.json(), {
    53. 

  53.             "detail": "You have to specify at least one thread to delete.",
    54. 

  54.         })
    55. 

  55. 

  56.     @patch_category_acl({"can_hide_threads": 2, "can_hide_own_threads": 2})
    57. 

  57.     def test_validate_ids(self):
    58. 

  58.         response = self.delete(self.api_link, True)
    59. 

  59.         self.assertEqual(response.status_code, 403)
    60. 

  60.         self.assertEqual(response.json(), {
    61. 

  61.             "detail": 'Expected a list of items but got type "bool".',
    62. 

  62.         })
    63. 

  63. 

  64.         response = self.delete(self.api_link, 'abbss')
    65. 

  65.         self.assertEqual(response.status_code, 403)
    66. 

  66.         self.assertEqual(response.json(), {
    67. 

  67.             "detail": 'Expected a list of items but got type "str".',
    68. 

  68.         })
    69. 

  69. 

  70.         response = self.delete(self.api_link, [1, 2, 3, 'a', 'b', 'x'])
    71. 

  71.         self.assertEqual(response.status_code, 403)
    72. 

  72.         self.assertEqual(response.json(), {
    73. 

  73.             "detail": "One or more thread ids received were invalid.",
    74. 

  74.         })
    75. 

  75. 

  76.     @patch_category_acl({"can_hide_threads": 2, "can_hide_own_threads": 2})
    77. 

  77.     def test_validate_ids_length(self):
    78. 

  78.         """api validates that ids are list of ints"""
    79. 

  79.         response = self.delete(self.api_link, list(range(THREADS_LIMIT + 1)))
    80. 

  80.         self.assertEqual(response.status_code, 403)
    81. 

  81.         self.assertEqual(response.json(), {
    82. 

  82.             "detail": "No more than %s threads can be deleted at single time." % THREADS_LIMIT,
    83. 

  83.         })
    84. 

  84. 

  85.     @patch_category_acl({"can_hide_threads": 2, "can_hide_own_threads": 2})
    86. 

  86.     def test_validate_thread_visibility(self):
    87. 

  87.         """api valdiates if user can see deleted thread"""
    88. 

  88.         unapproved_thread = self.threads[1]
    89. 

  89. 

  90.         unapproved_thread.is_unapproved = True
    91. 

  91.         unapproved_thread.save()
    92. 

  92. 

  93.         threads_ids = [p.id for p in self.threads]
    94. 

  94. 

  95.         response = self.delete(self.api_link, threads_ids)
    96. 

  96.         self.assertEqual(response.status_code, 403)
    97. 

  97.         self.assertEqual(response.json(), {
    98. 

  98.             "detail": "One or more threads to delete could not be found.",
    99. 

  99.         })
    100. 

  100. 

  101.         # no thread was deleted
    102. 

  102.         for thread in self.threads:
    103. 

  103.             Thread.objects.get(pk=thread.pk)
    104. 

  104. 

  105.     @patch_category_acl({"can_hide_threads": 0, "can_hide_own_threads": 2})
    106. 

  106.     def test_delete_other_user_thread_no_permission(self):
    107. 

  107.         """api valdiates if user can delete other users threads"""
    108. 

  108.         other_thread = self.threads[1]
    109. 

  109. 

  110.         response = self.delete(self.api_link, [p.id for p in self.threads])
    111. 

  111.         self.assertEqual(response.status_code, 400)
    112. 

  112.         self.assertEqual(response.json(), [
    113. 

  113.             {
    114. 

  114.                 'thread': {
    115. 

  115.                     'id': other_thread.pk,
    116. 

  116.                     'title': other_thread.title
    117. 

  117.                 },
    118. 

  118.                 'error': "You can't delete other users theads in this category."
    119. 

  119.             }
    120. 

  120.         ])
    121. 

  121. 

  122.         # no threads are removed on failed attempt
    123. 

  123.         for thread in self.threads:
    124. 

  124.             Thread.objects.get(pk=thread.pk)
    125. 

  125. 

  126.     @patch_category_acl({
    127. 

  127.         "can_hide_threads": 2, 
    128. 

  128.         "can_hide_own_threads": 2,
    129. 

  129.         "can_close_threads": False,
    130. 

  130.     })
    131. 

  131.     def test_delete_thread_closed_category_no_permission(self):
    132. 

  132.         """api tests category's closed state"""
    133. 

  133.         self.category.is_closed = True
    134. 

  134.         self.category.save()
    135. 

  135. 

  136.         response = self.delete(self.api_link, [p.id for p in self.threads])
    137. 

  137. 

  138.         self.assertEqual(response.status_code, 400)
    139. 

  139.         self.assertEqual(response.json(), [
    140. 

  140.             {
    141. 

  141.                 'thread': {
    142. 

  142.                     'id': thread.pk,
    143. 

  143.                     'title': thread.title
    144. 

  144.                 },
    145. 

  145.                 'error': "This category is closed. You can't delete threads in it."
    146. 

  146.             } for thread in sorted(self.threads, key=lambda i: i.pk)
    147. 

  147.         ])
    148. 

  148. 

  149.     @patch_category_acl({
    150. 

  150.         "can_hide_threads": 2, 
    151. 

  151.         "can_hide_own_threads": 2,
    152. 

  152.         "can_close_threads": False,
    153. 

  153.     })
    154. 

  154.     def test_delete_thread_closed_no_permission(self):
    155. 

  155.         """api tests thread's closed state"""
    156. 

  156.         closed_thread = self.threads[1]
    157. 

  157.         closed_thread.is_closed = True
    158. 

  158.         closed_thread.save()
    159. 

  159. 

  160.         response = self.delete(self.api_link, [p.id for p in self.threads])
    161. 

  161. 

  162.         self.assertEqual(response.status_code, 400)
    163. 

  163.         self.assertEqual(response.json(), [
    164. 

  164.             {
    165. 

  165.                 'thread': {
    166. 

  166.                     'id': closed_thread.pk,
    167. 

  167.                     'title': closed_thread.title
    168. 

  168.                 },
    169. 

  169.                 'error': "This thread is closed. You can't delete it."
    170. 

  170.             }
    171. 

  171.         ])
    172. 

  172. 

  173.     @patch_category_acl({"can_hide_threads": 2, "can_hide_own_threads": 2})
    174. 

  174.     def test_delete_private_thread(self):
    175. 

  175.         """attempt to delete private thread fails"""
    176. 

  176.         private_thread = self.threads[0]
    177. 

  177. 

  178.         private_thread.category = Category.objects.get(
    179. 

  179.             tree_id=trees_map.get_tree_id_for_root(PRIVATE_THREADS_ROOT_NAME),
    180. 

  180.         )
    181. 

  181.         private_thread.save()
    182. 

  182. 

  183.         private_thread.threadparticipant_set.create(
    184. 

  184.             user=self.user,
    185. 

  185.             is_owner=True,
    186. 

  186.         )
    187. 

  187. 

  188.         threads_ids = [p.id for p in self.threads]
    189. 

  189. 

  190.         response = self.delete(self.api_link, threads_ids)
    191. 

  191.         self.assertEqual(response.status_code, 403)
    192. 

  192.         self.assertEqual(response.json(), {
    193. 

  193.             "detail": "One or more threads to delete could not be found.",
    194. 

  194.         })
    195. 

  195. 

  196.         Thread.objects.get(pk=private_thread.pk)
    197.