Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 751031b681
Branches Tags
Misago
/
misago
/
threads
/
tests
/
test_thread_postdelete_api.py

test_thread_postdelete_api.py 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. from django.core.urlresolvers import reverse
    2. 

  2. 

  3. from .. import testutils
    4. 

  4. from ..models import Post, Thread
    5. 

  5. from .test_threads_api import ThreadsApiTestCase
    6. 

  6. 

  7. 

  8. class PostDeleteApiTests(ThreadsApiTestCase):
    9. 

  9.     def setUp(self):
    10. 

  10.         super(PostDeleteApiTests, self).setUp()
    11. 

  11. 

  12.         self.post = testutils.reply_thread(self.thread, poster=self.user)
    13. 

  13. 

  14.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    15. 

  15.             'thread_pk': self.thread.pk,
    16. 

  16.             'pk': self.post.pk
    17. 

  17.         })
    18. 

  18. 

  19.     def test_delete_anonymous(self):
    20. 

  20.         """api validates if deleting user is authenticated"""
    21. 

  21.         self.logout_user()
    22. 

  22. 

  23.         response = self.client.delete(self.api_link)
    24. 

  24.         self.assertContains(response, "This action is not available to guests.", status_code=403)
    25. 

  25. 

  26.     def test_no_permission(self):
    27. 

  27.         """api validates permission to delete post"""
    28. 

  28.         self.override_acl({
    29. 

  29.             'can_hide_own_posts': 1,
    30. 

  30.             'can_hide_posts': 1
    31. 

  31.         })
    32. 

  32. 

  33.         response = self.client.delete(self.api_link)
    34. 

  34.         self.assertContains(response, "You can't delete posts in this category.", status_code=403)
    35. 

  35. 

  36.     def test_delete_first_post(self):
    37. 

  37.         """api disallows first post's deletion"""
    38. 

  38.         self.override_acl({
    39. 

  39.             'can_hide_own_posts': 2,
    40. 

  40.             'can_hide_posts': 2
    41. 

  41.         })
    42. 

  42. 

  43.         api_link = reverse('misago:api:thread-post-detail', kwargs={
    44. 

  44.             'thread_pk': self.thread.pk,
    45. 

  45.             'pk': self.thread.first_post_id
    46. 

  46.         })
    47. 

  47. 

  48.         response = self.client.delete(api_link)
    49. 

  49.         self.assertContains(response, "You can't delete thread's first post.", status_code=403)
    50. 

  50. 

  51.     def test_delete_event(self):
    52. 

  52.         """api differs posts from events"""
    53. 

  53.         self.override_acl({
    54. 

  54.             'can_hide_own_posts': 2,
    55. 

  55.             'can_hide_posts': 2,
    56. 

  56. 

  57.             'can_hide_events': 0
    58. 

  58.         })
    59. 

  59. 

  60.         self.post.is_event = True
    61. 

  61.         self.post.save()
    62. 

  62. 

  63.         response = self.client.delete(self.api_link)
    64. 

  64.         self.assertContains(response, "You can't delete events in this category.", status_code=403)
    65. 

  65. 

  66.     def test_delete_owned_post(self):
    67. 

  67.         """api deletes owned thread post"""
    68. 

  68.         self.override_acl({
    69. 

  69.             'post_edit_time': 0,
    70. 

  70.             'can_hide_own_posts': 2,
    71. 

  71.             'can_hide_posts': 0
    72. 

  72.         })
    73. 

  73. 

  74.         response = self.client.delete(self.api_link)
    75. 

  75.         self.assertEqual(response.status_code, 200)
    76. 

  76. 

  77.         self.thread = Thread.objects.get(pk=self.thread.pk)
    78. 

  78. 

  79.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    80. 

  80.         with self.assertRaises(Post.DoesNotExist):
    81. 

  81.             self.thread.post_set.get(pk=self.post.pk)
    82. 

  82. 

  83.     def test_delete_post(self):
    84. 

  84.         """api deletes thread post"""
    85. 

  85.         self.override_acl({
    86. 

  86.             'can_hide_own_posts': 0,
    87. 

  87.             'can_hide_posts': 2
    88. 

  88.         })
    89. 

  89. 

  90.         response = self.client.delete(self.api_link)
    91. 

  91.         self.assertEqual(response.status_code, 200)
    92. 

  92. 

  93.         self.thread = Thread.objects.get(pk=self.thread.pk)
    94. 

  94. 

  95.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    96. 

  96.         with self.assertRaises(Post.DoesNotExist):
    97. 

  97.             self.thread.post_set.get(pk=self.post.pk)
    98. 

  98. 

  99. 

  100. class EventDeleteApiTests(ThreadsApiTestCase):
    101. 

  101.     def setUp(self):
    102. 

  102.         super(EventDeleteApiTests, self).setUp()
    103. 

  103. 

  104.         self.event = testutils.reply_thread(self.thread, poster=self.user, is_event=True)
    105. 

  105. 

  106.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    107. 

  107.             'thread_pk': self.thread.pk,
    108. 

  108.             'pk': self.event.pk
    109. 

  109.         })
    110. 

  110. 

  111.     def test_delete_anonymous(self):
    112. 

  112.         """api validates if deleting user is authenticated"""
    113. 

  113.         self.logout_user()
    114. 

  114. 

  115.         response = self.client.delete(self.api_link)
    116. 

  116.         self.assertContains(response, "This action is not available to guests.", status_code=403)
    117. 

  117. 

  118.     def test_no_permission(self):
    119. 

  119.         """api validates permission to delete event"""
    120. 

  120.         self.override_acl({
    121. 

  121.             'can_hide_own_posts': 2,
    122. 

  122.             'can_hide_posts': 2,
    123. 

  123. 

  124.             'can_hide_events': 0
    125. 

  125.         })
    126. 

  126. 

  127.         response = self.client.delete(self.api_link)
    128. 

  128.         self.assertContains(response, "You can't delete events in this category.", status_code=403)
    129. 

  129. 

  130.     def test_delete_event(self):
    131. 

  131.         """api differs posts from events"""
    132. 

  132.         self.override_acl({
    133. 

  133.             'can_hide_own_posts': 0,
    134. 

  134.             'can_hide_posts': 0,
    135. 

  135. 

  136.             'can_hide_events': 2
    137. 

  137.         })
    138. 

  138. 

  139.         response = self.client.delete(self.api_link)
    140. 

  140.         self.assertEqual(response.status_code, 200)
    141. 

  141. 

  142.         self.thread = Thread.objects.get(pk=self.thread.pk)
    143. 

  143. 

  144.         self.assertNotEqual(self.thread.last_post_id, self.event.pk)
    145. 

  145.         with self.assertRaises(Post.DoesNotExist):
    146. 

  146.             self.thread.post_set.get(pk=self.event.pk)
    147.