Главная Обзор Помощь
Вход
221V
/
Misago
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: b0418446a3
Ветки Метки
Misago
/
misago
/
threads
/
tests
/
test_thread_postdelete_api.py

test_thread_postdelete_api.py 9.0 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276 
  1. from datetime import timedelta
    2. 

  2. 

  3. from django.urls import reverse
    4. 

  4. from django.utils import timezone
    5. 

  5. 

  6. from misago.threads import testutils
    7. 

  7. from misago.threads.models import Post, Thread
    8. 

  8. 

  9. from .test_threads_api import ThreadsApiTestCase
    10. 

  10. 

  11. 

  12. class PostDeleteApiTests(ThreadsApiTestCase):
    13. 

  13.     def setUp(self):
    14. 

  14.         super().setUp()
    15. 

  15. 

  16.         self.post = testutils.reply_thread(self.thread, poster=self.user)
    17. 

  17. 

  18.         self.api_link = reverse(
    19. 

  19.             'misago:api:thread-post-detail',
    20. 

  20.             kwargs={
    21. 

  21.                 'thread_pk': self.thread.pk,
    22. 

  22.                 'pk': self.post.pk,
    23. 

  23.             }
    24. 

  24.         )
    25. 

  25. 

  26.     def test_delete_anonymous(self):
    27. 

  27.         """api validates if deleting user is authenticated"""
    28. 

  28.         self.logout_user()
    29. 

  29. 

  30.         response = self.client.delete(self.api_link)
    31. 

  31.         self.assertEqual(response.status_code, 403)
    32. 

  32.         self.assertEqual(response.json(), {
    33. 

  33.             "detail": "This action is not available to guests.",
    34. 

  34.         })
    35. 

  35. 

  36.     def test_no_permission(self):
    37. 

  37.         """api validates permission to delete post"""
    38. 

  38.         self.override_acl({'can_hide_own_posts': 1, 'can_hide_posts': 1})
    39. 

  39. 

  40.         response = self.client.delete(self.api_link)
    41. 

  41.         self.assertEqual(response.status_code, 403)
    42. 

  42.         self.assertEqual(response.json(), {
    43. 

  43.             "detail": "You can't delete posts in this category.",
    44. 

  44.         })
    45. 

  45. 

  46.     def test_delete_other_user_post_no_permission(self):
    47. 

  47.         """api valdiates if user can delete other users posts"""
    48. 

  48.         self.override_acl({
    49. 

  49.             'post_edit_time': 0,
    50. 

  50.             'can_hide_own_posts': 2,
    51. 

  51.             'can_hide_posts': 0,
    52. 

  52.         })
    53. 

  53. 

  54.         self.post.poster = None
    55. 

  55.         self.post.save()
    56. 

  56. 

  57.         response = self.client.delete(self.api_link)
    58. 

  58.         self.assertEqual(response.status_code, 403)
    59. 

  59.         self.assertEqual(response.json(), {
    60. 

  60.             "detail": "You can't delete other users posts in this category.",
    61. 

  61.         })
    62. 

  62. 

  63.     def test_delete_protected_post_no_permission(self):
    64. 

  64.         """api validates if user can delete protected post"""
    65. 

  65.         self.override_acl({
    66. 

  66.             'can_protect_posts': 0,
    67. 

  67.             'can_hide_own_posts': 2,
    68. 

  68.             'can_hide_posts': 0,
    69. 

  69.         })
    70. 

  70. 

  71.         self.post.is_protected = True
    72. 

  72.         self.post.save()
    73. 

  73. 

  74.         response = self.client.delete(self.api_link)
    75. 

  75.         self.assertEqual(response.status_code, 403)
    76. 

  76.         self.assertEqual(response.json(), {
    77. 

  77.             "detail": "This post is protected. You can't delete it.",
    78. 

  78.         })
    79. 

  79. 

  80.     def test_delete_protected_post_after_edit_time(self):
    81. 

  81.         """api validates if user can delete delete post after edit time"""
    82. 

  82.         self.override_acl({
    83. 

  83.             'post_edit_time': 1,
    84. 

  84.             'can_hide_own_posts': 2,
    85. 

  85.             'can_hide_posts': 0,
    86. 

  86.         })
    87. 

  87. 

  88.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    89. 

  89.         self.post.save()
    90. 

  90. 

  91.         response = self.client.delete(self.api_link)
    92. 

  92.         self.assertEqual(response.status_code, 403)
    93. 

  93.         self.assertEqual(response.json(), {
    94. 

  94.             "detail": "You can't delete posts that are older than 1 minute.",
    95. 

  95.         })
    96. 

  96. 

  97.     def test_delete_post_closed_thread_no_permission(self):
    98. 

  98.         """api valdiates if user can delete posts in closed threads"""
    99. 

  99.         self.override_acl({
    100. 

  100.             'can_hide_own_posts': 2,
    101. 

  101.             'can_hide_posts': 0,
    102. 

  102.         })
    103. 

  103. 

  104.         self.thread.is_closed = True
    105. 

  105.         self.thread.save()
    106. 

  106. 

  107.         response = self.client.delete(self.api_link)
    108. 

  108.         self.assertEqual(response.status_code, 403)
    109. 

  109.         self.assertEqual(response.json(), {
    110. 

  110.             "detail": "This thread is closed. You can't delete posts in it.",
    111. 

  111.         })
    112. 

  112. 

  113.     def test_delete_post_closed_category_no_permission(self):
    114. 

  114.         """api valdiates if user can delete posts in closed categories"""
    115. 

  115.         self.override_acl({
    116. 

  116.             'can_hide_own_posts': 2,
    117. 

  117.             'can_hide_posts': 0,
    118. 

  118.         })
    119. 

  119. 

  120.         self.category.is_closed = True
    121. 

  121.         self.category.save()
    122. 

  122. 

  123.         response = self.client.delete(self.api_link)
    124. 

  124.         self.assertEqual(response.status_code, 403)
    125. 

  125.         self.assertEqual(response.json(), {
    126. 

  126.             "detail": "This category is closed. You can't delete posts in it.",
    127. 

  127.         })
    128. 

  128. 

  129.     def test_delete_first_post(self):
    130. 

  130.         """api disallows first post deletion"""
    131. 

  131.         self.override_acl({'can_hide_own_posts': 2, 'can_hide_posts': 2})
    132. 

  132. 

  133.         api_link = reverse(
    134. 

  134.             'misago:api:thread-post-detail',
    135. 

  135.             kwargs={
    136. 

  136.                 'thread_pk': self.thread.pk,
    137. 

  137.                 'pk': self.thread.first_post_id,
    138. 

  138.             }
    139. 

  139.         )
    140. 

  140. 

  141.         response = self.client.delete(api_link)
    142. 

  142.         self.assertEqual(response.status_code, 403)
    143. 

  143.         self.assertEqual(response.json(), {
    144. 

  144.             "detail": "You can't delete thread's first post.",
    145. 

  145.         })
    146. 

  146. 

  147.     def test_delete_best_answer(self):
    148. 

  148.         """api disallows best answer deletion"""
    149. 

  149.         self.override_acl({'can_hide_own_posts': 2, 'can_hide_posts': 2})
    150. 

  150. 

  151.         self.thread.set_best_answer(self.user, self.post)
    152. 

  152.         self.thread.save()
    153. 

  153. 

  154.         response = self.client.delete(self.api_link)
    155. 

  155.         self.assertEqual(response.status_code, 403)
    156. 

  156.         self.assertEqual(response.json(), {
    157. 

  157.             'detail': "You can't delete this post because its marked as best answer.",
    158. 

  158.         })
    159. 

  159. 

  160.     def test_delete_owned_post(self):
    161. 

  161.         """api deletes owned thread post"""
    162. 

  162.         self.override_acl({
    163. 

  163.             'post_edit_time': 0,
    164. 

  164.             'can_hide_own_posts': 2,
    165. 

  165.             'can_hide_posts': 0,
    166. 

  166.         })
    167. 

  167. 

  168.         response = self.client.delete(self.api_link)
    169. 

  169.         self.assertEqual(response.status_code, 200)
    170. 

  170. 

  171.         self.thread = Thread.objects.get(pk=self.thread.pk)
    172. 

  172. 

  173.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    174. 

  174.         with self.assertRaises(Post.DoesNotExist):
    175. 

  175.             self.thread.post_set.get(pk=self.post.pk)
    176. 

  176. 

  177.     def test_delete_post(self):
    178. 

  178.         """api deletes thread post"""
    179. 

  179.         self.override_acl({'can_hide_own_posts': 0, 'can_hide_posts': 2})
    180. 

  180. 

  181.         response = self.client.delete(self.api_link)
    182. 

  182.         self.assertEqual(response.status_code, 200)
    183. 

  183. 

  184.         self.thread = Thread.objects.get(pk=self.thread.pk)
    185. 

  185. 

  186.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    187. 

  187.         with self.assertRaises(Post.DoesNotExist):
    188. 

  188.             self.thread.post_set.get(pk=self.post.pk)
    189. 

  189. 

  190. 

  191. class EventDeleteApiTests(ThreadsApiTestCase):
    192. 

  192.     def setUp(self):
    193. 

  193.         super().setUp()
    194. 

  194. 

  195.         self.event = testutils.reply_thread(self.thread, poster=self.user, is_event=True)
    196. 

  196. 

  197.         self.api_link = reverse(
    198. 

  198.             'misago:api:thread-post-detail',
    199. 

  199.             kwargs={
    200. 

  200.                 'thread_pk': self.thread.pk,
    201. 

  201.                 'pk': self.event.pk,
    202. 

  202.             }
    203. 

  203.         )
    204. 

  204. 

  205.     def test_delete_anonymous(self):
    206. 

  206.         """api validates if deleting user is authenticated"""
    207. 

  207.         self.logout_user()
    208. 

  208. 

  209.         response = self.client.delete(self.api_link)
    210. 

  210.         self.assertEqual(response.status_code, 403)
    211. 

  211.         self.assertEqual(response.json(), {
    212. 

  212.             "detail": "This action is not available to guests.",
    213. 

  213.         })
    214. 

  214. 

  215.     def test_no_permission(self):
    216. 

  216.         """api validates permission to delete event"""
    217. 

  217.         self.override_acl({
    218. 

  218.             'can_hide_own_posts': 2,
    219. 

  219.             'can_hide_posts': 2,
    220. 

  220.             'can_hide_events': 0,
    221. 

  221.         })
    222. 

  222. 

  223.         response = self.client.delete(self.api_link)
    224. 

  224.         self.assertEqual(response.status_code, 403)
    225. 

  225.         self.assertEqual(response.json(), {
    226. 

  226.             "detail": "You can't delete events in this category.",
    227. 

  227.         })
    228. 

  228. 

  229.     def test_delete_event_closed_thread_no_permission(self):
    230. 

  230.         """api valdiates if user can delete events in closed threads"""
    231. 

  231.         self.override_acl({
    232. 

  232.             'can_hide_events': 2,
    233. 

  233.             'can_close_threads': 0,
    234. 

  234.         })
    235. 

  235. 

  236.         self.thread.is_closed = True
    237. 

  237.         self.thread.save()
    238. 

  238. 

  239.         response = self.client.delete(self.api_link)
    240. 

  240.         self.assertEqual(response.status_code, 403)
    241. 

  241.         self.assertEqual(response.json(), {
    242. 

  242.             "detail": "This thread is closed. You can't delete events in it.",
    243. 

  243.         })
    244. 

  244. 

  245.     def test_delete_event_closed_category_no_permission(self):
    246. 

  246.         """api valdiates if user can delete events in closed categories"""
    247. 

  247.         self.override_acl({
    248. 

  248.             'can_hide_events': 2,
    249. 

  249.             'can_close_threads': 0,
    250. 

  250.         })
    251. 

  251. 

  252.         self.category.is_closed = True
    253. 

  253.         self.category.save()
    254. 

  254. 

  255.         response = self.client.delete(self.api_link)
    256. 

  256.         self.assertEqual(response.status_code, 403)
    257. 

  257.         self.assertEqual(response.json(), {
    258. 

  258.             "detail": "This category is closed. You can't delete events in it.",
    259. 

  259.         })
    260. 

  260. 

  261.     def test_delete_event(self):
    262. 

  262.         """api differs posts from events"""
    263. 

  263.         self.override_acl({
    264. 

  264.             'can_hide_own_posts': 0,
    265. 

  265.             'can_hide_posts': 0,
    266. 

  266.             'can_hide_events': 2,
    267. 

  267.         })
    268. 

  268. 

  269.         response = self.client.delete(self.api_link)
    270. 

  270.         self.assertEqual(response.status_code, 200)
    271. 

  271. 

  272.         self.thread = Thread.objects.get(pk=self.thread.pk)
    273. 

  273. 

  274.         self.assertNotEqual(self.thread.last_post_id, self.event.pk)
    275. 

  275.         with self.assertRaises(Post.DoesNotExist):
    276. 

  276.             self.thread.post_set.get(pk=self.event.pk)
    277.