Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7be7d57159
Branches Tags
Misago
/
misago
/
threads
/
tests
/
test_threadpost_patch_api.py

test_threadpost_patch_api.py 24 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746 
  1. # -*- coding: utf-8 -*-
    2. 

  2. from __future__ import unicode_literals
    3. 

  3. 

  4. import json
    5. 

  5. from datetime import timedelta
    6. 

  6. 

  7. from django.core.urlresolvers import reverse
    8. 

  8. from django.test.client import BOUNDARY, MULTIPART_CONTENT, encode_multipart
    9. 

  9. from django.utils import timezone
    10. 

  10. from django.utils.encoding import smart_str
    11. 

  11. 

  12. from misago.acl.testutils import override_acl
    13. 

  13. from misago.categories.models import Category
    14. 

  14. from misago.users.testutils import AuthenticatedUserTestCase
    15. 

  15. 

  16. from .. import testutils
    17. 

  17. from ..models import Thread
    18. 

  18. 

  19. 

  20. class ThreadPostPatchApiTestCase(AuthenticatedUserTestCase):
    21. 

  21.     def setUp(self):
    22. 

  22.         super(ThreadPostPatchApiTestCase, self).setUp()
    23. 

  23. 

  24.         self.category = Category.objects.get(slug='first-category')
    25. 

  25.         self.thread = testutils.post_thread(category=self.category)
    26. 

  26.         self.post = testutils.reply_thread(self.thread, poster=self.user)
    27. 

  27. 

  28.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    29. 

  29.             'thread_pk': self.thread.pk,
    30. 

  30.             'pk': self.post.pk
    31. 

  31.         })
    32. 

  32. 

  33.     def patch(self, api_link, ops):
    34. 

  34.         return self.client.patch(api_link, json.dumps(ops), content_type="application/json")
    35. 

  35. 

  36.     def refresh_post(self):
    37. 

  37.         self.post = self.thread.post_set.get(pk=self.post.pk)
    38. 

  38. 

  39.     def override_acl(self, extra_acl=None):
    40. 

  40.         new_acl = self.user.acl
    41. 

  41.         new_acl['categories'][self.category.pk].update({
    42. 

  42.             'can_see': 1,
    43. 

  43.             'can_browse': 1,
    44. 

  44.             'can_start_threads': 0,
    45. 

  45.             'can_reply_threads': 0,
    46. 

  46.             'can_edit_posts': 1
    47. 

  47.         })
    48. 

  48. 

  49.         if extra_acl:
    50. 

  50.             new_acl['categories'][self.category.pk].update(extra_acl)
    51. 

  51. 

  52.         override_acl(self.user, new_acl)
    53. 

  53. 

  54. 

  55. class PostAddAclApiTests(ThreadPostPatchApiTestCase):
    56. 

  56.     def test_add_acl_true(self):
    57. 

  57.         """api adds current event's acl to response"""
    58. 

  58.         response = self.patch(self.api_link, [
    59. 

  59.             {'op': 'add', 'path': 'acl', 'value': True}
    60. 

  60.         ])
    61. 

  61.         self.assertEqual(response.status_code, 200)
    62. 

  62. 

  63.         response_json = json.loads(smart_str(response.content))
    64. 

  64.         self.assertTrue(response_json['acl'])
    65. 

  65. 

  66.     def test_add_acl_false(self):
    67. 

  67.         """if value is false, api won't add acl to the response, but will set empty key"""
    68. 

  68.         response = self.patch(self.api_link, [
    69. 

  69.             {'op': 'add', 'path': 'acl', 'value': False}
    70. 

  70.         ])
    71. 

  71.         self.assertEqual(response.status_code, 200)
    72. 

  72. 

  73.         response_json = json.loads(smart_str(response.content))
    74. 

  74.         self.assertIsNone(response_json['acl'])
    75. 

  75. 

  76.         response = self.patch(self.api_link, [
    77. 

  77.             {'op': 'add', 'path': 'acl', 'value': True}
    78. 

  78.         ])
    79. 

  79.         self.assertEqual(response.status_code, 200)
    80. 

  80. 

  81. 

  82. class PostProtectApiTests(ThreadPostPatchApiTestCase):
    83. 

  83.     def test_protect_post(self):
    84. 

  84.         """api makes it possible to protect post"""
    85. 

  85.         self.override_acl({
    86. 

  86.             'can_protect_posts': 1
    87. 

  87.         })
    88. 

  88. 

  89.         response = self.patch(self.api_link, [
    90. 

  90.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    91. 

  91.         ])
    92. 

  92.         self.assertEqual(response.status_code, 200)
    93. 

  93. 

  94.         self.refresh_post()
    95. 

  95.         self.assertTrue(self.post.is_protected)
    96. 

  96. 

  97.     def test_unprotect_post(self):
    98. 

  98.         """api makes it possible to unprotect protected post"""
    99. 

  99.         self.post.is_protected = True
    100. 

  100.         self.post.save()
    101. 

  101. 

  102.         self.override_acl({
    103. 

  103.             'can_protect_posts': 1
    104. 

  104.         })
    105. 

  105. 

  106.         response = self.patch(self.api_link, [
    107. 

  107.             {'op': 'replace', 'path': 'is-protected', 'value': False}
    108. 

  108.         ])
    109. 

  109.         self.assertEqual(response.status_code, 200)
    110. 

  110. 

  111.         self.refresh_post()
    112. 

  112.         self.assertFalse(self.post.is_protected)
    113. 

  113. 

  114.     def test_protect_post_no_permission(self):
    115. 

  115.         """api validates permission to protect post"""
    116. 

  116.         self.override_acl({
    117. 

  117.             'can_protect_posts': 0
    118. 

  118.         })
    119. 

  119. 

  120.         response = self.patch(self.api_link, [
    121. 

  121.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    122. 

  122.         ])
    123. 

  123.         self.assertEqual(response.status_code, 400)
    124. 

  124. 

  125.         response_json = json.loads(smart_str(response.content))
    126. 

  126.         self.assertEqual(response_json['detail'][0], "You can't protect posts in this category.")
    127. 

  127. 

  128.         self.refresh_post()
    129. 

  129.         self.assertFalse(self.post.is_protected)
    130. 

  130. 

  131.     def test_unprotect_post_no_permission(self):
    132. 

  132.         """api validates permission to unprotect post"""
    133. 

  133.         self.post.is_protected = True
    134. 

  134.         self.post.save()
    135. 

  135. 

  136.         self.override_acl({
    137. 

  137.             'can_protect_posts': 0
    138. 

  138.         })
    139. 

  139. 

  140.         response = self.patch(self.api_link, [
    141. 

  141.             {'op': 'replace', 'path': 'is-protected', 'value': False}
    142. 

  142.         ])
    143. 

  143.         self.assertEqual(response.status_code, 400)
    144. 

  144. 

  145.         response_json = json.loads(smart_str(response.content))
    146. 

  146.         self.assertEqual(response_json['detail'][0], "You can't protect posts in this category.")
    147. 

  147. 

  148.         self.refresh_post()
    149. 

  149.         self.assertTrue(self.post.is_protected)
    150. 

  150. 

  151.     def test_unprotect_post_not_editable(self):
    152. 

  152.         """api validates if we can edit post we want to protect"""
    153. 

  153.         self.override_acl({
    154. 

  154.             'can_edit_posts': 0,
    155. 

  155.             'can_protect_posts': 1
    156. 

  156.         })
    157. 

  157. 

  158.         response = self.patch(self.api_link, [
    159. 

  159.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    160. 

  160.         ])
    161. 

  161.         self.assertEqual(response.status_code, 400)
    162. 

  162. 

  163.         response_json = json.loads(smart_str(response.content))
    164. 

  164.         self.assertEqual(response_json['detail'][0], "You can't protect posts you can't edit.")
    165. 

  165. 

  166.         self.refresh_post()
    167. 

  167.         self.assertFalse(self.post.is_protected)
    168. 

  168. 

  169. 

  170. class PostApproveApiTests(ThreadPostPatchApiTestCase):
    171. 

  171.     def test_approve_post(self):
    172. 

  172.         """api makes it possible to approve post"""
    173. 

  173.         self.post.is_unapproved = True
    174. 

  174.         self.post.save()
    175. 

  175. 

  176.         self.override_acl({
    177. 

  177.             'can_approve_content': 1
    178. 

  178.         })
    179. 

  179. 

  180.         response = self.patch(self.api_link, [
    181. 

  181.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    182. 

  182.         ])
    183. 

  183.         self.assertEqual(response.status_code, 200)
    184. 

  184. 

  185.         self.refresh_post()
    186. 

  186.         self.assertFalse(self.post.is_unapproved)
    187. 

  187. 

  188.     def test_unapprove_post(self):
    189. 

  189.         """unapproving posts is not supported by api"""
    190. 

  190.         self.override_acl({
    191. 

  191.             'can_approve_content': 1
    192. 

  192.         })
    193. 

  193. 

  194.         response = self.patch(self.api_link, [
    195. 

  195.             {'op': 'replace', 'path': 'is-unapproved', 'value': False}
    196. 

  196.         ])
    197. 

  197.         self.assertEqual(response.status_code, 200)
    198. 

  198. 

  199.         self.refresh_post()
    200. 

  200.         self.assertFalse(self.post.is_unapproved)
    201. 

  201. 

  202.     def test_approve_post_no_permission(self):
    203. 

  203.         """api validates approval permission"""
    204. 

  204.         self.post.is_unapproved = True
    205. 

  205.         self.post.save()
    206. 

  206. 

  207.         self.override_acl({
    208. 

  208.             'can_approve_content': 0
    209. 

  209.         })
    210. 

  210. 

  211.         response = self.patch(self.api_link, [
    212. 

  212.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    213. 

  213.         ])
    214. 

  214.         self.assertEqual(response.status_code, 400)
    215. 

  215. 

  216.         response_json = json.loads(smart_str(response.content))
    217. 

  217.         self.assertEqual(response_json['detail'][0], "You can't approve posts in this category.")
    218. 

  218. 

  219.         self.refresh_post()
    220. 

  220.         self.assertTrue(self.post.is_unapproved)
    221. 

  221. 

  222.     def test_approve_first_post(self):
    223. 

  223.         """api approve first post fails"""
    224. 

  224.         self.post.is_unapproved = True
    225. 

  225.         self.post.save()
    226. 

  226. 

  227.         self.thread.set_first_post(self.post)
    228. 

  228.         self.thread.save()
    229. 

  229. 

  230.         self.override_acl({
    231. 

  231.             'can_approve_content': 1
    232. 

  232.         })
    233. 

  233. 

  234.         response = self.patch(self.api_link, [
    235. 

  235.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    236. 

  236.         ])
    237. 

  237.         self.assertEqual(response.status_code, 400)
    238. 

  238. 

  239.         response_json = json.loads(smart_str(response.content))
    240. 

  240.         self.assertEqual(response_json['detail'][0], "You can't approve thread's first post.")
    241. 

  241. 

  242.         self.refresh_post()
    243. 

  243.         self.assertTrue(self.post.is_unapproved)
    244. 

  244. 

  245.     def test_approve_hidden_post(self):
    246. 

  246.         """api approve hidden post fails"""
    247. 

  247.         self.post.is_unapproved = True
    248. 

  248.         self.post.is_hidden = True
    249. 

  249.         self.post.save()
    250. 

  250. 

  251.         self.override_acl({
    252. 

  252.             'can_approve_content': 1
    253. 

  253.         })
    254. 

  254. 

  255.         response = self.patch(self.api_link, [
    256. 

  256.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    257. 

  257.         ])
    258. 

  258.         self.assertEqual(response.status_code, 400)
    259. 

  259. 

  260.         response_json = json.loads(smart_str(response.content))
    261. 

  261.         self.assertEqual(response_json['detail'][0], "You can't approve posts the content you can't see.")
    262. 

  262. 

  263.         self.refresh_post()
    264. 

  264.         self.assertTrue(self.post.is_unapproved)
    265. 

  265. 

  266. 

  267. class PostHideApiTests(ThreadPostPatchApiTestCase):
    268. 

  268.     def test_hide_post(self):
    269. 

  269.         """api makes it possible to hide post"""
    270. 

  270.         self.override_acl({
    271. 

  271.             'can_hide_posts': 1
    272. 

  272.         })
    273. 

  273. 

  274.         response = self.patch(self.api_link, [
    275. 

  275.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    276. 

  276.         ])
    277. 

  277.         self.assertEqual(response.status_code, 200)
    278. 

  278. 

  279.         self.refresh_post()
    280. 

  280.         self.assertTrue(self.post.is_hidden)
    281. 

  281. 

  282.     def test_show_post(self):
    283. 

  283.         """api makes it possible to unhide post"""
    284. 

  284.         self.post.is_hidden = True
    285. 

  285.         self.post.save()
    286. 

  286. 

  287.         self.refresh_post()
    288. 

  288.         self.assertTrue(self.post.is_hidden)
    289. 

  289. 

  290.         self.override_acl({
    291. 

  291.             'can_hide_posts': 1
    292. 

  292.         })
    293. 

  293. 

  294.         response = self.patch(self.api_link, [
    295. 

  295.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    296. 

  296.         ])
    297. 

  297.         self.assertEqual(response.status_code, 200)
    298. 

  298. 

  299.         self.refresh_post()
    300. 

  300.         self.assertFalse(self.post.is_hidden)
    301. 

  301. 

  302.     def test_hide_own_post(self):
    303. 

  303.         """api makes it possible to hide owned post"""
    304. 

  304.         self.override_acl({
    305. 

  305.             'can_hide_own_posts': 1
    306. 

  306.         })
    307. 

  307. 

  308.         response = self.patch(self.api_link, [
    309. 

  309.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    310. 

  310.         ])
    311. 

  311.         self.assertEqual(response.status_code, 200)
    312. 

  312. 

  313.         self.refresh_post()
    314. 

  314.         self.assertTrue(self.post.is_hidden)
    315. 

  315. 

  316.     def test_show_own_post(self):
    317. 

  317.         """api makes it possible to unhide owned post"""
    318. 

  318.         self.post.is_hidden = True
    319. 

  319.         self.post.save()
    320. 

  320. 

  321.         self.refresh_post()
    322. 

  322.         self.assertTrue(self.post.is_hidden)
    323. 

  323. 

  324.         self.override_acl({
    325. 

  325.             'can_hide_own_posts': 1
    326. 

  326.         })
    327. 

  327. 

  328.         response = self.patch(self.api_link, [
    329. 

  329.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    330. 

  330.         ])
    331. 

  331.         self.assertEqual(response.status_code, 200)
    332. 

  332. 

  333.         self.refresh_post()
    334. 

  334.         self.assertFalse(self.post.is_hidden)
    335. 

  335. 

  336.     def test_hide_post_no_permission(self):
    337. 

  337.         """api hide post with no permission fails"""
    338. 

  338.         self.override_acl({
    339. 

  339.             'can_hide_posts': 0
    340. 

  340.         })
    341. 

  341. 

  342.         response = self.patch(self.api_link, [
    343. 

  343.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    344. 

  344.         ])
    345. 

  345.         self.assertEqual(response.status_code, 400)
    346. 

  346. 

  347.         response_json = json.loads(smart_str(response.content))
    348. 

  348.         self.assertEqual(response_json['detail'][0], "You can't hide posts in this category.")
    349. 

  349. 

  350.         self.refresh_post()
    351. 

  351.         self.assertFalse(self.post.is_hidden)
    352. 

  352. 

  353.     def test_show_post_no_permission(self):
    354. 

  354.         """api unhide post with no permission fails"""
    355. 

  355.         self.post.is_hidden = True
    356. 

  356.         self.post.save()
    357. 

  357. 

  358.         self.refresh_post()
    359. 

  359.         self.assertTrue(self.post.is_hidden)
    360. 

  360. 

  361.         self.override_acl({
    362. 

  362.             'can_hide_posts': 0
    363. 

  363.         })
    364. 

  364. 

  365.         response = self.patch(self.api_link, [
    366. 

  366.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    367. 

  367.         ])
    368. 

  368.         self.assertEqual(response.status_code, 400)
    369. 

  369. 

  370.         response_json = json.loads(smart_str(response.content))
    371. 

  371.         self.assertEqual(response_json['detail'][0], "You can't reveal posts in this category.")
    372. 

  372. 

  373.         self.refresh_post()
    374. 

  374.         self.assertTrue(self.post.is_hidden)
    375. 

  375. 

  376.     def test_hide_own_protected_post(self):
    377. 

  377.         """api validates if we are trying to hide protected post"""
    378. 

  378.         self.post.is_protected = True
    379. 

  379.         self.post.save()
    380. 

  380. 

  381.         self.override_acl({
    382. 

  382.             'can_protect_posts': 0,
    383. 

  383.             'can_hide_own_posts': 1
    384. 

  384.         })
    385. 

  385. 

  386.         response = self.patch(self.api_link, [
    387. 

  387.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    388. 

  388.         ])
    389. 

  389.         self.assertEqual(response.status_code, 400)
    390. 

  390. 

  391.         response_json = json.loads(smart_str(response.content))
    392. 

  392.         self.assertEqual(response_json['detail'][0], "This post is protected. You can't hide it.")
    393. 

  393. 

  394.         self.refresh_post()
    395. 

  395.         self.assertFalse(self.post.is_hidden)
    396. 

  396. 

  397.     def test_show_own_protected_post(self):
    398. 

  398.         """api validates if we are trying to reveal protected post"""
    399. 

  399.         self.post.is_hidden = True
    400. 

  400.         self.post.save()
    401. 

  401. 

  402.         self.override_acl({
    403. 

  403.             'can_protect_posts': 0,
    404. 

  404.             'can_hide_own_posts': 1
    405. 

  405.         })
    406. 

  406. 

  407.         self.post.is_protected = True
    408. 

  408.         self.post.save()
    409. 

  409. 

  410.         response = self.patch(self.api_link, [
    411. 

  411.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    412. 

  412.         ])
    413. 

  413.         self.assertEqual(response.status_code, 400)
    414. 

  414. 

  415.         response_json = json.loads(smart_str(response.content))
    416. 

  416.         self.assertEqual(response_json['detail'][0], "This post is protected. You can't reveal it.")
    417. 

  417. 

  418.         self.refresh_post()
    419. 

  419.         self.assertTrue(self.post.is_hidden)
    420. 

  420. 

  421.     def test_hide_other_user_post(self):
    422. 

  422.         """api validates post ownership when hiding"""
    423. 

  423.         self.post.poster = None
    424. 

  424.         self.post.save()
    425. 

  425. 

  426.         self.override_acl({
    427. 

  427.             'can_hide_own_posts': 1
    428. 

  428.         })
    429. 

  429. 

  430.         response = self.patch(self.api_link, [
    431. 

  431.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    432. 

  432.         ])
    433. 

  433.         self.assertEqual(response.status_code, 400)
    434. 

  434. 

  435.         response_json = json.loads(smart_str(response.content))
    436. 

  436.         self.assertEqual(response_json['detail'][0], "You can't hide other users posts in this category.")
    437. 

  437. 

  438.         self.refresh_post()
    439. 

  439.         self.assertFalse(self.post.is_hidden)
    440. 

  440. 

  441.     def test_show_other_user_post(self):
    442. 

  442.         """api validates post ownership when revealing"""
    443. 

  443.         self.post.is_hidden = True
    444. 

  444.         self.post.poster = None
    445. 

  445.         self.post.save()
    446. 

  446. 

  447.         self.override_acl({
    448. 

  448.             'can_hide_own_posts': 1
    449. 

  449.         })
    450. 

  450. 

  451.         response = self.patch(self.api_link, [
    452. 

  452.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    453. 

  453.         ])
    454. 

  454.         self.assertEqual(response.status_code, 400)
    455. 

  455. 

  456.         response_json = json.loads(smart_str(response.content))
    457. 

  457.         self.assertEqual(response_json['detail'][0], "You can't reveal other users posts in this category.")
    458. 

  458. 

  459.         self.refresh_post()
    460. 

  460.         self.assertTrue(self.post.is_hidden)
    461. 

  461. 

  462.     def test_hide_own_post_after_edit_time(self):
    463. 

  463.         """api validates if we are trying to hide post after edit time"""
    464. 

  464.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    465. 

  465.         self.post.save()
    466. 

  466. 

  467.         self.override_acl({
    468. 

  468.             'post_edit_time': 1,
    469. 

  469.             'can_hide_own_posts': 1
    470. 

  470.         })
    471. 

  471. 

  472.         response = self.patch(self.api_link, [
    473. 

  473.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    474. 

  474.         ])
    475. 

  475.         self.assertEqual(response.status_code, 400)
    476. 

  476. 

  477.         response_json = json.loads(smart_str(response.content))
    478. 

  478.         self.assertEqual(response_json['detail'][0], "You can't hide posts that are older than 1 minute.")
    479. 

  479. 

  480.         self.refresh_post()
    481. 

  481.         self.assertFalse(self.post.is_hidden)
    482. 

  482. 

  483.     def test_show_own_post_after_edit_time(self):
    484. 

  484.         """api validates if we are trying to reveal post after edit time"""
    485. 

  485.         self.post.is_hidden = True
    486. 

  486.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    487. 

  487.         self.post.save()
    488. 

  488. 

  489.         self.override_acl({
    490. 

  490.             'post_edit_time': 1,
    491. 

  491.             'can_hide_own_posts': 1
    492. 

  492.         })
    493. 

  493. 

  494.         response = self.patch(self.api_link, [
    495. 

  495.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    496. 

  496.         ])
    497. 

  497.         self.assertEqual(response.status_code, 400)
    498. 

  498. 

  499.         response_json = json.loads(smart_str(response.content))
    500. 

  500.         self.assertEqual(response_json['detail'][0], "You can't reveal posts that are older than 1 minute.")
    501. 

  501. 

  502.         self.refresh_post()
    503. 

  503.         self.assertTrue(self.post.is_hidden)
    504. 

  504. 

  505.     def test_hide_post_in_closed_thread(self):
    506. 

  506.         """api validates if we are trying to hide post in closed thread"""
    507. 

  507.         self.thread.is_closed = True
    508. 

  508.         self.thread.save()
    509. 

  509. 

  510.         self.override_acl({
    511. 

  511.             'can_hide_own_posts': 1
    512. 

  512.         })
    513. 

  513. 

  514.         response = self.patch(self.api_link, [
    515. 

  515.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    516. 

  516.         ])
    517. 

  517.         self.assertEqual(response.status_code, 400)
    518. 

  518. 

  519.         response_json = json.loads(smart_str(response.content))
    520. 

  520.         self.assertEqual(response_json['detail'][0], "This thread is closed. You can't hide posts in it.")
    521. 

  521. 

  522.         self.refresh_post()
    523. 

  523.         self.assertFalse(self.post.is_hidden)
    524. 

  524. 

  525.     def test_show_post_in_closed_thread(self):
    526. 

  526.         """api validates if we are trying to reveal post in closed thread"""
    527. 

  527.         self.thread.is_closed = True
    528. 

  528.         self.thread.save()
    529. 

  529. 

  530.         self.post.is_hidden = True
    531. 

  531.         self.post.save()
    532. 

  532. 

  533.         self.override_acl({
    534. 

  534.             'can_hide_own_posts': 1
    535. 

  535.         })
    536. 

  536. 

  537.         response = self.patch(self.api_link, [
    538. 

  538.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    539. 

  539.         ])
    540. 

  540.         self.assertEqual(response.status_code, 400)
    541. 

  541. 

  542.         response_json = json.loads(smart_str(response.content))
    543. 

  543.         self.assertEqual(response_json['detail'][0], "This thread is closed. You can't reveal posts in it.")
    544. 

  544. 

  545.         self.refresh_post()
    546. 

  546.         self.assertTrue(self.post.is_hidden)
    547. 

  547. 

  548.     def test_hide_post_in_closed_category(self):
    549. 

  549.         """api validates if we are trying to hide post in closed category"""
    550. 

  550.         self.category.is_closed = True
    551. 

  551.         self.category.save()
    552. 

  552. 

  553.         self.override_acl({
    554. 

  554.             'can_hide_own_posts': 1
    555. 

  555.         })
    556. 

  556. 

  557.         response = self.patch(self.api_link, [
    558. 

  558.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    559. 

  559.         ])
    560. 

  560.         self.assertEqual(response.status_code, 400)
    561. 

  561. 

  562.         response_json = json.loads(smart_str(response.content))
    563. 

  563.         self.assertEqual(response_json['detail'][0], "This category is closed. You can't hide posts in it.")
    564. 

  564. 

  565.         self.refresh_post()
    566. 

  566.         self.assertFalse(self.post.is_hidden)
    567. 

  567. 

  568.     def test_show_post_in_closed_category(self):
    569. 

  569.         """api validates if we are trying to reveal post in closed category"""
    570. 

  570.         self.category.is_closed = True
    571. 

  571.         self.category.save()
    572. 

  572. 

  573.         self.post.is_hidden = True
    574. 

  574.         self.post.save()
    575. 

  575. 

  576.         self.override_acl({
    577. 

  577.             'can_hide_own_posts': 1
    578. 

  578.         })
    579. 

  579. 

  580.         response = self.patch(self.api_link, [
    581. 

  581.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    582. 

  582.         ])
    583. 

  583.         self.assertEqual(response.status_code, 400)
    584. 

  584. 

  585.         response_json = json.loads(smart_str(response.content))
    586. 

  586.         self.assertEqual(response_json['detail'][0], "This category is closed. You can't reveal posts in it.")
    587. 

  587. 

  588.         self.refresh_post()
    589. 

  589.         self.assertTrue(self.post.is_hidden)
    590. 

  590. 

  591.     def test_hide_first_post(self):
    592. 

  592.         """api hide first post fails"""
    593. 

  593.         self.thread.set_first_post(self.post)
    594. 

  594.         self.thread.save()
    595. 

  595. 

  596.         self.override_acl({
    597. 

  597.             'can_hide_posts': 1
    598. 

  598.         })
    599. 

  599. 

  600.         response = self.patch(self.api_link, [
    601. 

  601.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    602. 

  602.         ])
    603. 

  603.         self.assertEqual(response.status_code, 400)
    604. 

  604. 

  605.         response_json = json.loads(smart_str(response.content))
    606. 

  606.         self.assertEqual(response_json['detail'][0], "You can't hide thread's first post.")
    607. 

  607. 

  608.     def test_show_first_post(self):
    609. 

  609.         """api unhide first post fails"""
    610. 

  610.         self.thread.set_first_post(self.post)
    611. 

  611.         self.thread.save()
    612. 

  612. 

  613.         self.override_acl({
    614. 

  614.             'can_hide_posts': 1
    615. 

  615.         })
    616. 

  616. 

  617.         response = self.patch(self.api_link, [
    618. 

  618.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    619. 

  619.         ])
    620. 

  620.         self.assertEqual(response.status_code, 400)
    621. 

  621. 

  622.         response_json = json.loads(smart_str(response.content))
    623. 

  623.         self.assertEqual(response_json['detail'][0], "You can't reveal thread's first post.")
    624. 

  624. 

  625. 

  626. class ThreadEventPatchApiTestCase(ThreadPostPatchApiTestCase):
    627. 

  627.     def setUp(self):
    628. 

  628.         super(ThreadEventPatchApiTestCase, self).setUp()
    629. 

  629. 

  630.         self.event = testutils.reply_thread(self.thread, poster=self.user, is_event=True)
    631. 

  631. 

  632.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    633. 

  633.             'thread_pk': self.thread.pk,
    634. 

  634.             'pk': self.event.pk
    635. 

  635.         })
    636. 

  636. 

  637.     def refresh_event(self):
    638. 

  638.         self.event = self.thread.post_set.get(pk=self.event.pk)
    639. 

  639. 

  640. 

  641. class EventAnonPatchApiTests(ThreadEventPatchApiTestCase):
    642. 

  642.     def test_anonymous_user(self):
    643. 

  643.         """anonymous users can't change event state"""
    644. 

  644.         self.logout_user()
    645. 

  645. 

  646.         response = self.patch(self.api_link, [
    647. 

  647.             {'op': 'add', 'path': 'acl', 'value': True}
    648. 

  648.         ])
    649. 

  649.         self.assertEqual(response.status_code, 403)
    650. 

  650. 

  651. 

  652. class EventAddAclApiTests(ThreadEventPatchApiTestCase):
    653. 

  653.     def test_add_acl_true(self):
    654. 

  654.         """api adds current event's acl to response"""
    655. 

  655.         response = self.patch(self.api_link, [
    656. 

  656.             {'op': 'add', 'path': 'acl', 'value': True}
    657. 

  657.         ])
    658. 

  658.         self.assertEqual(response.status_code, 200)
    659. 

  659. 

  660.         response_json = json.loads(smart_str(response.content))
    661. 

  661.         self.assertTrue(response_json['acl'])
    662. 

  662. 

  663.     def test_add_acl_false(self):
    664. 

  664.         """if value is false, api won't add acl to the response, but will set empty key"""
    665. 

  665.         response = self.patch(self.api_link, [
    666. 

  666.             {'op': 'add', 'path': 'acl', 'value': False}
    667. 

  667.         ])
    668. 

  668.         self.assertEqual(response.status_code, 200)
    669. 

  669. 

  670.         response_json = json.loads(smart_str(response.content))
    671. 

  671.         self.assertIsNone(response_json['acl'])
    672. 

  672. 

  673.         response = self.patch(self.api_link, [
    674. 

  674.             {'op': 'add', 'path': 'acl', 'value': True}
    675. 

  675.         ])
    676. 

  676.         self.assertEqual(response.status_code, 200)
    677. 

  677. 

  678. 

  679. class EventHideApiTests(ThreadEventPatchApiTestCase):
    680. 

  680.     def test_hide_event(self):
    681. 

  681.         """api makes it possible to hide event"""
    682. 

  682.         self.override_acl({
    683. 

  683.             'can_hide_events': 1
    684. 

  684.         })
    685. 

  685. 

  686.         response = self.patch(self.api_link, [
    687. 

  687.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    688. 

  688.         ])
    689. 

  689.         self.assertEqual(response.status_code, 200)
    690. 

  690. 

  691.         self.refresh_event()
    692. 

  692.         self.assertTrue(self.event.is_hidden)
    693. 

  693. 

  694.     def test_show_event(self):
    695. 

  695.         """api makes it possible to unhide event"""
    696. 

  696.         self.event.is_hidden = True
    697. 

  697.         self.event.save()
    698. 

  698. 

  699.         self.refresh_event()
    700. 

  700.         self.assertTrue(self.event.is_hidden)
    701. 

  701. 

  702.         self.override_acl({
    703. 

  703.             'can_hide_events': 1
    704. 

  704.         })
    705. 

  705. 

  706.         response = self.patch(self.api_link, [
    707. 

  707.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    708. 

  708.         ])
    709. 

  709.         self.assertEqual(response.status_code, 200)
    710. 

  710. 

  711.         self.refresh_event()
    712. 

  712.         self.assertFalse(self.event.is_hidden)
    713. 

  713. 

  714.     def test_hide_event_no_permission(self):
    715. 

  715.         """api hide event with no permission fails"""
    716. 

  716.         self.override_acl({
    717. 

  717.             'can_hide_events': 0
    718. 

  718.         })
    719. 

  719. 

  720.         response = self.patch(self.api_link, [
    721. 

  721.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    722. 

  722.         ])
    723. 

  723.         self.assertEqual(response.status_code, 400)
    724. 

  724. 

  725.         response_json = json.loads(smart_str(response.content))
    726. 

  726.         self.assertEqual(response_json['detail'][0], "You don't have permission to hide this event.")
    727. 

  727. 

  728.         self.refresh_event()
    729. 

  729.         self.assertFalse(self.event.is_hidden)
    730. 

  730. 

  731.     def test_show_event_no_permission(self):
    732. 

  732.         """api unhide event with no permission fails"""
    733. 

  733.         self.event.is_hidden = True
    734. 

  734.         self.event.save()
    735. 

  735. 

  736.         self.refresh_event()
    737. 

  737.         self.assertTrue(self.event.is_hidden)
    738. 

  738. 

  739.         self.override_acl({
    740. 

  740.             'can_hide_events': 0
    741. 

  741.         })
    742. 

  742. 

  743.         response = self.patch(self.api_link, [
    744. 

  744.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    745. 

  745.         ])
    746. 

  746.         self.assertEqual(response.status_code, 404)
    747.