Главная Обзор Помощь
Вход
221V
/
Misago
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: e1eea12159
Ветки Метки
Misago
/
misago
/
threads
/
tests
/
test_thread_postdelete_api.py

test_thread_postdelete_api.py 9.0 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260 
  1. from datetime import timedelta
    2. 

  2. 

  3. from django.urls import reverse
    4. 

  4. from django.utils import timezone
    5. 

  5. 

  6. from misago.threads import test
    7. 

  7. from misago.threads.models import Post, Thread
    8. 

  8. from misago.threads.test import patch_category_acl
    9. 

  9. 

  10. from .test_threads_api import ThreadsApiTestCase
    11. 

  11. 

  12. 

  13. class PostDeleteApiTests(ThreadsApiTestCase):
    14. 

  14.     def setUp(self):
    15. 

  15.         super().setUp()
    16. 

  16. 

  17.         self.post = test.reply_thread(self.thread, poster=self.user)
    18. 

  18. 

  19.         self.api_link = reverse(
    20. 

  20.             "misago:api:thread-post-detail",
    21. 

  21.             kwargs={"thread_pk": self.thread.pk, "pk": self.post.pk},
    22. 

  22.         )
    23. 

  23. 

  24.     def test_delete_anonymous(self):
    25. 

  25.         """api validates if deleting user is authenticated"""
    26. 

  26.         self.logout_user()
    27. 

  27. 

  28.         response = self.client.delete(self.api_link)
    29. 

  29.         self.assertEqual(response.status_code, 403)
    30. 

  30.         self.assertEqual(
    31. 

  31.             response.json(), {"detail": "This action is not available to guests."}
    32. 

  32.         )
    33. 

  33. 

  34.     @patch_category_acl({"can_hide_posts": 1, "can_hide_own_posts": 1})
    35. 

  35.     def test_no_permission(self):
    36. 

  36.         """api validates permission to delete post"""
    37. 

  37.         response = self.client.delete(self.api_link)
    38. 

  38.         self.assertEqual(response.status_code, 403)
    39. 

  39.         self.assertEqual(
    40. 

  40.             response.json(), {"detail": "You can't delete posts in this category."}
    41. 

  41.         )
    42. 

  42. 

  43.     @patch_category_acl(
    44. 

  44.         {"can_hide_posts": 1, "can_hide_own_posts": 2, "post_edit_time": 0}
    45. 

  45.     )
    46. 

  46.     def test_delete_other_user_post_no_permission(self):
    47. 

  47.         """api valdiates if user can delete other users posts"""
    48. 

  48.         self.post.poster = None
    49. 

  49.         self.post.save()
    50. 

  50. 

  51.         response = self.client.delete(self.api_link)
    52. 

  52.         self.assertEqual(response.status_code, 403)
    53. 

  53.         self.assertEqual(
    54. 

  54.             response.json(),
    55. 

  55.             {"detail": "You can't delete other users posts in this category."},
    56. 

  56.         )
    57. 

  57. 

  58.     @patch_category_acl(
    59. 

  59.         {"can_hide_posts": 1, "can_hide_own_posts": 2, "post_edit_time": 0}
    60. 

  60.     )
    61. 

  61.     def test_delete_protected_post_no_permission(self):
    62. 

  62.         """api validates if user can delete protected post"""
    63. 

  63.         self.post.is_protected = True
    64. 

  64.         self.post.save()
    65. 

  65. 

  66.         response = self.client.delete(self.api_link)
    67. 

  67.         self.assertEqual(response.status_code, 403)
    68. 

  68.         self.assertEqual(
    69. 

  69.             response.json(), {"detail": "This post is protected. You can't delete it."}
    70. 

  70.         )
    71. 

  71. 

  72.     @patch_category_acl(
    73. 

  73.         {"can_hide_posts": 1, "can_hide_own_posts": 2, "post_edit_time": 1}
    74. 

  74.     )
    75. 

  75.     def test_delete_protected_post_after_edit_time(self):
    76. 

  76.         """api validates if user can delete delete post after edit time"""
    77. 

  77.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    78. 

  78.         self.post.save()
    79. 

  79. 

  80.         response = self.client.delete(self.api_link)
    81. 

  81.         self.assertEqual(response.status_code, 403)
    82. 

  82.         self.assertEqual(
    83. 

  83.             response.json(),
    84. 

  84.             {"detail": "You can't delete posts that are older than 1 minute."},
    85. 

  85.         )
    86. 

  86. 

  87.     @patch_category_acl(
    88. 

  88.         {
    89. 

  89.             "can_hide_posts": 0,
    90. 

  90.             "can_hide_own_posts": 2,
    91. 

  91.             "post_edit_time": 0,
    92. 

  92.             "can_close_threads": False,
    93. 

  93.         }
    94. 

  94.     )
    95. 

  95.     def test_delete_post_closed_thread_no_permission(self):
    96. 

  96.         """api valdiates if user can delete posts in closed threads"""
    97. 

  97.         self.thread.is_closed = True
    98. 

  98.         self.thread.save()
    99. 

  99. 

  100.         response = self.client.delete(self.api_link)
    101. 

  101.         self.assertEqual(response.status_code, 403)
    102. 

  102.         self.assertEqual(
    103. 

  103.             response.json(),
    104. 

  104.             {"detail": "This thread is closed. You can't delete posts in it."},
    105. 

  105.         )
    106. 

  106. 

  107.     @patch_category_acl(
    108. 

  108.         {
    109. 

  109.             "can_hide_posts": 0,
    110. 

  110.             "can_hide_own_posts": 2,
    111. 

  111.             "post_edit_time": 0,
    112. 

  112.             "can_close_threads": False,
    113. 

  113.         }
    114. 

  114.     )
    115. 

  115.     def test_delete_post_closed_category_no_permission(self):
    116. 

  116.         """api valdiates if user can delete posts in closed categories"""
    117. 

  117.         self.category.is_closed = True
    118. 

  118.         self.category.save()
    119. 

  119. 

  120.         response = self.client.delete(self.api_link)
    121. 

  121.         self.assertEqual(response.status_code, 403)
    122. 

  122.         self.assertEqual(
    123. 

  123.             response.json(),
    124. 

  124.             {"detail": "This category is closed. You can't delete posts in it."},
    125. 

  125.         )
    126. 

  126. 

  127.     @patch_category_acl({"can_hide_posts": 2, "can_hide_own_posts": 2})
    128. 

  128.     def test_delete_first_post(self):
    129. 

  129.         """api disallows first post deletion"""
    130. 

  130.         api_link = reverse(
    131. 

  131.             "misago:api:thread-post-detail",
    132. 

  132.             kwargs={"thread_pk": self.thread.pk, "pk": self.thread.first_post_id},
    133. 

  133.         )
    134. 

  134. 

  135.         response = self.client.delete(api_link)
    136. 

  136.         self.assertEqual(response.status_code, 403)
    137. 

  137.         self.assertEqual(
    138. 

  138.             response.json(), {"detail": "You can't delete thread's first post."}
    139. 

  139.         )
    140. 

  140. 

  141.     @patch_category_acl({"can_hide_posts": 2, "can_hide_own_posts": 2})
    142. 

  142.     def test_delete_best_answer(self):
    143. 

  143.         """api disallows best answer deletion"""
    144. 

  144.         self.thread.set_best_answer(self.user, self.post)
    145. 

  145.         self.thread.save()
    146. 

  146. 

  147.         response = self.client.delete(self.api_link)
    148. 

  148.         self.assertEqual(response.status_code, 403)
    149. 

  149.         self.assertEqual(
    150. 

  150.             response.json(),
    151. 

  151.             {"detail": "You can't delete this post because its marked as best answer."},
    152. 

  152.         )
    153. 

  153. 

  154.     @patch_category_acl(
    155. 

  155.         {"can_hide_posts": 0, "can_hide_own_posts": 2, "post_edit_time": 0}
    156. 

  156.     )
    157. 

  157.     def test_delete_owned_post(self):
    158. 

  158.         """api deletes owned thread post"""
    159. 

  159.         response = self.client.delete(self.api_link)
    160. 

  160.         self.assertEqual(response.status_code, 200)
    161. 

  161. 

  162.         self.thread = Thread.objects.get(pk=self.thread.pk)
    163. 

  163. 

  164.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    165. 

  165.         with self.assertRaises(Post.DoesNotExist):
    166. 

  166.             self.thread.post_set.get(pk=self.post.pk)
    167. 

  167. 

  168.     @patch_category_acl({"can_hide_posts": 2, "can_hide_own_posts": 0})
    169. 

  169.     def test_delete_post(self):
    170. 

  170.         """api deletes thread post"""
    171. 

  171.         response = self.client.delete(self.api_link)
    172. 

  172.         self.assertEqual(response.status_code, 200)
    173. 

  173. 

  174.         self.thread = Thread.objects.get(pk=self.thread.pk)
    175. 

  175. 

  176.         self.assertNotEqual(self.thread.last_post_id, self.post.pk)
    177. 

  177.         with self.assertRaises(Post.DoesNotExist):
    178. 

  178.             self.thread.post_set.get(pk=self.post.pk)
    179. 

  179. 

  180. 

  181. class EventDeleteApiTests(ThreadsApiTestCase):
    182. 

  182.     def setUp(self):
    183. 

  183.         super().setUp()
    184. 

  184. 

  185.         self.event = test.reply_thread(
    186. 

  186.             self.thread, poster=self.user, is_event=True
    187. 

  187.         )
    188. 

  188. 

  189.         self.api_link = reverse(
    190. 

  190.             "misago:api:thread-post-detail",
    191. 

  191.             kwargs={"thread_pk": self.thread.pk, "pk": self.event.pk},
    192. 

  192.         )
    193. 

  193. 

  194.     def test_delete_anonymous(self):
    195. 

  195.         """api validates if deleting user is authenticated"""
    196. 

  196.         self.logout_user()
    197. 

  197. 

  198.         response = self.client.delete(self.api_link)
    199. 

  199.         self.assertEqual(response.status_code, 403)
    200. 

  200.         self.assertEqual(
    201. 

  201.             response.json(), {"detail": "This action is not available to guests."}
    202. 

  202.         )
    203. 

  203. 

  204.     @patch_category_acl(
    205. 

  205.         {"can_hide_posts": 2, "can_hide_own_posts": 0, "can_hide_events": 0}
    206. 

  206.     )
    207. 

  207.     def test_no_permission(self):
    208. 

  208.         """api validates permission to delete event"""
    209. 

  209.         response = self.client.delete(self.api_link)
    210. 

  210.         self.assertEqual(response.status_code, 403)
    211. 

  211.         self.assertEqual(
    212. 

  212.             response.json(), {"detail": "You can't delete events in this category."}
    213. 

  213.         )
    214. 

  214. 

  215.     @patch_category_acl(
    216. 

  216.         {
    217. 

  217.             "can_hide_posts": 2,
    218. 

  218.             "can_hide_own_posts": 0,
    219. 

  219.             "can_hide_events": 2,
    220. 

  220.             "can_close_threads": False,
    221. 

  221.         }
    222. 

  222.     )
    223. 

  223.     def test_delete_event_closed_thread_no_permission(self):
    224. 

  224.         """api valdiates if user can delete events in closed threads"""
    225. 

  225.         self.thread.is_closed = True
    226. 

  226.         self.thread.save()
    227. 

  227. 

  228.         response = self.client.delete(self.api_link)
    229. 

  229.         self.assertEqual(response.status_code, 403)
    230. 

  230.         self.assertEqual(
    231. 

  231.             response.json(),
    232. 

  232.             {"detail": "This thread is closed. You can't delete events in it."},
    233. 

  233.         )
    234. 

  234. 

  235.     @patch_category_acl(
    236. 

  236.         {"can_hide_posts": 2, "can_hide_events": 2, "can_close_threads": False}
    237. 

  237.     )
    238. 

  238.     def test_delete_event_closed_category_no_permission(self):
    239. 

  239.         """api valdiates if user can delete events in closed categories"""
    240. 

  240.         self.category.is_closed = True
    241. 

  241.         self.category.save()
    242. 

  242. 

  243.         response = self.client.delete(self.api_link)
    244. 

  244.         self.assertEqual(response.status_code, 403)
    245. 

  245.         self.assertEqual(
    246. 

  246.             response.json(),
    247. 

  247.             {"detail": "This category is closed. You can't delete events in it."},
    248. 

  248.         )
    249. 

  249. 

  250.     @patch_category_acl({"can_hide_posts": 0, "can_hide_events": 2})
    251. 

  251.     def test_delete_event(self):
    252. 

  252.         """api differs posts from events"""
    253. 

  253.         response = self.client.delete(self.api_link)
    254. 

  254.         self.assertEqual(response.status_code, 200)
    255. 

  255. 

  256.         self.thread = Thread.objects.get(pk=self.thread.pk)
    257. 

  257. 

  258.         self.assertNotEqual(self.thread.last_post_id, self.event.pk)
    259. 

  259.         with self.assertRaises(Post.DoesNotExist):
    260. 

  260.             self.thread.post_set.get(pk=self.event.pk)
    261.