| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578 |
- import os
- from django.urls import reverse
- from misago.acl import useracl
- from misago.acl.objectacl import add_acl_to_obj
- from misago.categories.models import Category
- from misago.conftest import get_cache_versions
- from misago.threads import testutils
- from misago.threads.models import Attachment
- from misago.threads.serializers import AttachmentSerializer
- from misago.threads.test import patch_category_acl
- from misago.users.testutils import AuthenticatedUserTestCase
- TESTFILES_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'testfiles')
- TEST_DOCUMENT_PATH = os.path.join(TESTFILES_DIR, 'document.pdf')
- cache_versions = get_cache_versions()
- class EditorApiTestCase(AuthenticatedUserTestCase):
- def setUp(self):
- super().setUp()
- self.category = Category.objects.get(slug='first-category')
- class ThreadPostEditorApiTests(EditorApiTestCase):
- def setUp(self):
- super().setUp()
- self.api_link = reverse('misago:api:thread-editor')
- def test_anonymous_user_request(self):
- """endpoint validates if user is authenticated"""
- self.logout_user()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You need to be signed in to start threads.",
- })
- @patch_category_acl({'can_browse': False})
- def test_category_visibility_validation(self):
- """endpoint omits non-browseable categories"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "No categories that allow new threads are available to you at the moment.",
- })
- @patch_category_acl({'can_start_threads': False})
- def test_category_disallowing_new_threads(self):
- """endpoint omits category disallowing starting threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "No categories that allow new threads are available to you at the moment.",
- })
- @patch_category_acl({'can_close_threads': False, 'can_start_threads': True})
- def test_category_closed_disallowing_new_threads(self):
- """endpoint omits closed category"""
- self.category.is_closed = True
- self.category.save()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "No categories that allow new threads are available to you at the moment.",
- })
- @patch_category_acl({'can_close_threads': True, 'can_start_threads': True})
- def test_category_closed_allowing_new_threads(self):
- """endpoint adds closed category that allows new threads"""
- self.category.is_closed = True
- self.category.save()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': True,
- 'hide': False,
- 'pin': 0,
- },
- }
- )
- @patch_category_acl({'can_start_threads': True})
- def test_category_allowing_new_threads(self):
- """endpoint adds category that allows new threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': False,
- 'hide': False,
- 'pin': 0,
- },
- }
- )
- @patch_category_acl({'can_close_threads': True, 'can_start_threads': True})
- def test_category_allowing_closing_threads(self):
- """endpoint adds category that allows new closed threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': True,
- 'hide': False,
- 'pin': 0,
- },
- }
- )
- @patch_category_acl({'can_start_threads': True, 'can_pin_threads': 1})
- def test_category_allowing_locally_pinned_threads(self):
- """endpoint adds category that allows locally pinned threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': False,
- 'hide': False,
- 'pin': 1,
- },
- }
- )
- @patch_category_acl({'can_start_threads': True, 'can_pin_threads': 2})
- def test_category_allowing_globally_pinned_threads(self):
- """endpoint adds category that allows globally pinned threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': False,
- 'hide': False,
- 'pin': 2,
- },
- }
- )
- @patch_category_acl({'can_start_threads': True, 'can_hide_threads': 1})
- def test_category_allowing_hidding_threads(self):
- """endpoint adds category that allows hiding threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': 0,
- 'hide': 1,
- 'pin': 0,
- },
- }
- )
- @patch_category_acl({'can_start_threads': True, 'can_hide_threads': 2})
- def test_category_allowing_hidding_and_deleting_threads(self):
- """endpoint adds category that allows hiding and deleting threads"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- response_json = response.json()
- self.assertEqual(
- response_json[0], {
- 'id': self.category.pk,
- 'name': self.category.name,
- 'level': 0,
- 'post': {
- 'close': False,
- 'hide': 1,
- 'pin': 0,
- },
- }
- )
- class ThreadReplyEditorApiTests(EditorApiTestCase):
- def setUp(self):
- super().setUp()
- self.thread = testutils.post_thread(category=self.category)
- self.api_link = reverse(
- 'misago:api:thread-post-editor', kwargs={
- 'thread_pk': self.thread.pk,
- }
- )
- def test_anonymous_user_request(self):
- """endpoint validates if user is authenticated"""
- self.logout_user()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You have to sign in to reply threads.",
- })
- def test_thread_visibility(self):
- """thread's visibility is validated"""
- with patch_category_acl({'can_see': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- with patch_category_acl({'can_browse': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- with patch_category_acl({'can_see_all_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- @patch_category_acl({'can_reply_threads': False})
- def test_no_reply_permission(self):
- """permssion to reply is validated"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't reply to threads in this category.",
- })
- def test_closed_category(self):
- """permssion to reply in closed category is validated"""
- self.category.is_closed = True
- self.category.save()
- with patch_category_acl({'can_reply_threads': True, 'can_close_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This category is closed. You can't reply to threads in it.",
- })
- # allow to post in closed category
- with patch_category_acl({'can_reply_threads': True, 'can_close_threads': True}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- def test_closed_thread(self):
- """permssion to reply in closed thread is validated"""
- self.thread.is_closed = True
- self.thread.save()
- with patch_category_acl({'can_reply_threads': True, 'can_close_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't reply to closed threads in this category.",
- })
- # allow to post in closed thread
- with patch_category_acl({'can_reply_threads': True, 'can_close_threads': True}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- @patch_category_acl({'can_reply_threads': True})
- def test_allow_reply_thread(self):
- """api returns 200 code if thread reply is allowed"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- def test_reply_to_visibility(self):
- """api validates replied post visibility"""
- # unapproved reply can't be replied to
- unapproved_reply = testutils.reply_thread(self.thread, is_unapproved=True)
- with patch_category_acl({'can_reply_threads': True}):
- response = self.client.get('%s?reply=%s' % (self.api_link, unapproved_reply.pk))
- self.assertEqual(response.status_code, 404)
- # hidden reply can't be replied to
- hidden_reply = testutils.reply_thread(self.thread, is_hidden=True)
- with patch_category_acl({'can_reply_threads': True}):
- response = self.client.get('%s?reply=%s' % (self.api_link, hidden_reply.pk))
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't reply to hidden posts.",
- })
- def test_reply_to_other_thread_post(self):
- """api validates is replied post belongs to same thread"""
- other_thread = testutils.post_thread(category=self.category)
- reply_to = testutils.reply_thread(other_thread)
- response = self.client.get('%s?reply=%s' % (self.api_link, reply_to.pk))
- self.assertEqual(response.status_code, 404)
- @patch_category_acl({'can_reply_threads': True})
- def test_reply_to_event(self):
- """events can't be replied to"""
- reply_to = testutils.reply_thread(self.thread, is_event=True)
- response = self.client.get('%s?reply=%s' % (self.api_link, reply_to.pk))
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't reply to events.",
- })
- @patch_category_acl({'can_reply_threads': True})
- def test_reply_to(self):
- """api includes replied to post details in response"""
- reply_to = testutils.reply_thread(self.thread)
- response = self.client.get('%s?reply=%s' % (self.api_link, reply_to.pk))
- self.assertEqual(response.status_code, 200)
- self.assertEqual(
- response.json(), {
- 'id': reply_to.pk,
- 'post': reply_to.original,
- 'poster': reply_to.poster_name,
- }
- )
- class EditReplyEditorApiTests(EditorApiTestCase):
- def setUp(self):
- super().setUp()
- self.thread = testutils.post_thread(category=self.category)
- self.post = testutils.reply_thread(self.thread, poster=self.user)
- self.api_link = reverse(
- 'misago:api:thread-post-editor',
- kwargs={
- 'thread_pk': self.thread.pk,
- 'pk': self.post.pk,
- }
- )
- def test_anonymous_user_request(self):
- """endpoint validates if user is authenticated"""
- self.logout_user()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You have to sign in to edit posts.",
- })
- def test_thread_visibility(self):
- """thread's visibility is validated"""
- with patch_category_acl({'can_see': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- with patch_category_acl({'can_browse': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- with patch_category_acl({'can_see_all_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- @patch_category_acl({'can_edit_posts': 0})
- def test_no_edit_permission(self):
- """permssion to edit is validated"""
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't edit posts in this category.",
- })
- def test_closed_category(self):
- """permssion to edit in closed category is validated"""
- self.category.is_closed = True
- self.category.save()
- with patch_category_acl({'can_edit_posts': 1, 'can_close_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This category is closed. You can't edit posts in it.",
- })
- # allow to edit in closed category
- with patch_category_acl({'can_edit_posts': 1, 'can_close_threads': True}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- def test_closed_thread(self):
- """permssion to edit in closed thread is validated"""
- self.thread.is_closed = True
- self.thread.save()
- with patch_category_acl({'can_edit_posts': 1, 'can_close_threads': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This thread is closed. You can't edit posts in it.",
- })
- # allow to edit in closed thread
- with patch_category_acl({'can_edit_posts': 1, 'can_close_threads': True}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- def test_protected_post(self):
- """permssion to edit protected post is validated"""
- self.post.is_protected = True
- self.post.save()
- with patch_category_acl({'can_edit_posts': 1, 'can_protect_posts': False}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This post is protected. You can't edit it.",
- })
- # allow to post in closed thread
- with patch_category_acl({'can_edit_posts': 1, 'can_protect_posts': True}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- def test_post_visibility(self):
- """edited posts visibility is validated"""
- self.post.is_hidden = True
- self.post.save()
- with patch_category_acl({'can_edit_posts': 1}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This post is hidden, you can't edit it.",
- })
- # allow hidden edition
- with patch_category_acl({'can_edit_posts': 1, 'can_hide_posts': 1}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- # test unapproved post
- self.post.is_unapproved = True
- self.post.is_hidden = False
- self.post.poster = None
- self.post.save()
- with patch_category_acl({'can_edit_posts': 2, 'can_approve_content': 0}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 404)
- # allow unapproved edition
- with patch_category_acl({'can_edit_posts': 2, 'can_approve_content': 1}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- @patch_category_acl({'can_edit_posts': 2})
- def test_post_is_event(self):
- """events can't be edited"""
- self.post.is_event = True
- self.post.save()
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "Events can't be edited.",
- })
- def test_other_user_post(self):
- """api validates if other user's post can be edited"""
- self.post.poster = None
- self.post.save()
- with patch_category_acl({'can_edit_posts': 1}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "You can't edit other users posts in this category.",
- })
- # allow other users post edition
- with patch_category_acl({'can_edit_posts': 2}):
- response = self.client.get(self.api_link)
- self.assertEqual(response.status_code, 200)
- @patch_category_acl({'can_hide_threads': 1, 'can_edit_posts': 2})
- def test_edit_first_post_hidden(self):
- """endpoint returns valid configuration for editor of hidden thread's first post"""
- self.thread.is_hidden = True
- self.thread.save()
- self.thread.first_post.is_hidden = True
- self.thread.first_post.save()
- api_link = reverse(
- 'misago:api:thread-post-editor',
- kwargs={
- 'thread_pk': self.thread.pk,
- 'pk': self.thread.first_post.pk,
- }
- )
- response = self.client.get(api_link)
- self.assertEqual(response.status_code, 200)
- @patch_category_acl({'can_edit_posts': 1})
- def test_edit(self):
- """endpoint returns valid configuration for editor"""
- with patch_category_acl({'max_attachment_size': 1000}):
- for _ in range(3):
- with open(TEST_DOCUMENT_PATH, 'rb') as upload:
- response = self.client.post(
- reverse('misago:api:attachment-list'), data={
- 'upload': upload,
- }
- )
- self.assertEqual(response.status_code, 200)
- attachments = list(Attachment.objects.order_by('id'))
- attachments[0].uploader = None
- attachments[0].save()
- for attachment in attachments[:2]:
- attachment.post = self.post
- attachment.save()
- response = self.client.get(self.api_link)
- user_acl = useracl.get_user_acl(self.user, cache_versions)
- for attachment in attachments:
- add_acl_to_obj(user_acl, attachment)
- self.assertEqual(response.status_code, 200)
- self.assertEqual(
- response.json(), {
- 'id': self.post.pk,
- 'api': self.post.get_api_url(),
- 'post': self.post.original,
- 'can_protect': False,
- 'is_protected': self.post.is_protected,
- 'poster': self.post.poster_name,
- 'attachments': [
- AttachmentSerializer(attachments[1], context={'user': self.user}).data,
- AttachmentSerializer(attachments[0], context={'user': self.user}).data,
- ],
- }
- )
|
