Главная Обзор Помощь
Вход
221V
/
Misago
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: eae41bcd49
Ветки Метки
Misago
/
misago
/
threads
/
tests
/
test_thread_postpatch_api.py

test_thread_postpatch_api.py 24 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745 
  1. # -*- coding: utf-8 -*-
    2. 

  2. from __future__ import unicode_literals
    3. 

  3. 

  4. import json
    5. 

  5. from datetime import timedelta
    6. 

  6. 

  7. from django.core.urlresolvers import reverse
    8. 

  8. from django.utils import timezone
    9. 

  9. from django.utils.encoding import smart_str
    10. 

  10. 

  11. from misago.acl.testutils import override_acl
    12. 

  12. from misago.categories.models import Category
    13. 

  13. from misago.users.testutils import AuthenticatedUserTestCase
    14. 

  14. 

  15. from .. import testutils
    16. 

  16. from ..models import Thread
    17. 

  17. 

  18. 

  19. class ThreadPostPatchApiTestCase(AuthenticatedUserTestCase):
    20. 

  20.     def setUp(self):
    21. 

  21.         super(ThreadPostPatchApiTestCase, self).setUp()
    22. 

  22. 

  23.         self.category = Category.objects.get(slug='first-category')
    24. 

  24.         self.thread = testutils.post_thread(category=self.category)
    25. 

  25.         self.post = testutils.reply_thread(self.thread, poster=self.user)
    26. 

  26. 

  27.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    28. 

  28.             'thread_pk': self.thread.pk,
    29. 

  29.             'pk': self.post.pk
    30. 

  30.         })
    31. 

  31. 

  32.     def patch(self, api_link, ops):
    33. 

  33.         return self.client.patch(api_link, json.dumps(ops), content_type="application/json")
    34. 

  34. 

  35.     def refresh_post(self):
    36. 

  36.         self.post = self.thread.post_set.get(pk=self.post.pk)
    37. 

  37. 

  38.     def override_acl(self, extra_acl=None):
    39. 

  39.         new_acl = self.user.acl
    40. 

  40.         new_acl['categories'][self.category.pk].update({
    41. 

  41.             'can_see': 1,
    42. 

  42.             'can_browse': 1,
    43. 

  43.             'can_start_threads': 0,
    44. 

  44.             'can_reply_threads': 0,
    45. 

  45.             'can_edit_posts': 1
    46. 

  46.         })
    47. 

  47. 

  48.         if extra_acl:
    49. 

  49.             new_acl['categories'][self.category.pk].update(extra_acl)
    50. 

  50. 

  51.         override_acl(self.user, new_acl)
    52. 

  52. 

  53. 

  54. class PostAddAclApiTests(ThreadPostPatchApiTestCase):
    55. 

  55.     def test_add_acl_true(self):
    56. 

  56.         """api adds current event's acl to response"""
    57. 

  57.         response = self.patch(self.api_link, [
    58. 

  58.             {'op': 'add', 'path': 'acl', 'value': True}
    59. 

  59.         ])
    60. 

  60.         self.assertEqual(response.status_code, 200)
    61. 

  61. 

  62.         response_json = json.loads(smart_str(response.content))
    63. 

  63.         self.assertTrue(response_json['acl'])
    64. 

  64. 

  65.     def test_add_acl_false(self):
    66. 

  66.         """if value is false, api won't add acl to the response, but will set empty key"""
    67. 

  67.         response = self.patch(self.api_link, [
    68. 

  68.             {'op': 'add', 'path': 'acl', 'value': False}
    69. 

  69.         ])
    70. 

  70.         self.assertEqual(response.status_code, 200)
    71. 

  71. 

  72.         response_json = json.loads(smart_str(response.content))
    73. 

  73.         self.assertIsNone(response_json['acl'])
    74. 

  74. 

  75.         response = self.patch(self.api_link, [
    76. 

  76.             {'op': 'add', 'path': 'acl', 'value': True}
    77. 

  77.         ])
    78. 

  78.         self.assertEqual(response.status_code, 200)
    79. 

  79. 

  80. 

  81. class PostProtectApiTests(ThreadPostPatchApiTestCase):
    82. 

  82.     def test_protect_post(self):
    83. 

  83.         """api makes it possible to protect post"""
    84. 

  84.         self.override_acl({
    85. 

  85.             'can_protect_posts': 1
    86. 

  86.         })
    87. 

  87. 

  88.         response = self.patch(self.api_link, [
    89. 

  89.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    90. 

  90.         ])
    91. 

  91.         self.assertEqual(response.status_code, 200)
    92. 

  92. 

  93.         self.refresh_post()
    94. 

  94.         self.assertTrue(self.post.is_protected)
    95. 

  95. 

  96.     def test_unprotect_post(self):
    97. 

  97.         """api makes it possible to unprotect protected post"""
    98. 

  98.         self.post.is_protected = True
    99. 

  99.         self.post.save()
    100. 

  100. 

  101.         self.override_acl({
    102. 

  102.             'can_protect_posts': 1
    103. 

  103.         })
    104. 

  104. 

  105.         response = self.patch(self.api_link, [
    106. 

  106.             {'op': 'replace', 'path': 'is-protected', 'value': False}
    107. 

  107.         ])
    108. 

  108.         self.assertEqual(response.status_code, 200)
    109. 

  109. 

  110.         self.refresh_post()
    111. 

  111.         self.assertFalse(self.post.is_protected)
    112. 

  112. 

  113.     def test_protect_post_no_permission(self):
    114. 

  114.         """api validates permission to protect post"""
    115. 

  115.         self.override_acl({
    116. 

  116.             'can_protect_posts': 0
    117. 

  117.         })
    118. 

  118. 

  119.         response = self.patch(self.api_link, [
    120. 

  120.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    121. 

  121.         ])
    122. 

  122.         self.assertEqual(response.status_code, 400)
    123. 

  123. 

  124.         response_json = json.loads(smart_str(response.content))
    125. 

  125.         self.assertEqual(response_json['detail'][0], "You can't protect posts in this category.")
    126. 

  126. 

  127.         self.refresh_post()
    128. 

  128.         self.assertFalse(self.post.is_protected)
    129. 

  129. 

  130.     def test_unprotect_post_no_permission(self):
    131. 

  131.         """api validates permission to unprotect post"""
    132. 

  132.         self.post.is_protected = True
    133. 

  133.         self.post.save()
    134. 

  134. 

  135.         self.override_acl({
    136. 

  136.             'can_protect_posts': 0
    137. 

  137.         })
    138. 

  138. 

  139.         response = self.patch(self.api_link, [
    140. 

  140.             {'op': 'replace', 'path': 'is-protected', 'value': False}
    141. 

  141.         ])
    142. 

  142.         self.assertEqual(response.status_code, 400)
    143. 

  143. 

  144.         response_json = json.loads(smart_str(response.content))
    145. 

  145.         self.assertEqual(response_json['detail'][0], "You can't protect posts in this category.")
    146. 

  146. 

  147.         self.refresh_post()
    148. 

  148.         self.assertTrue(self.post.is_protected)
    149. 

  149. 

  150.     def test_unprotect_post_not_editable(self):
    151. 

  151.         """api validates if we can edit post we want to protect"""
    152. 

  152.         self.override_acl({
    153. 

  153.             'can_edit_posts': 0,
    154. 

  154.             'can_protect_posts': 1
    155. 

  155.         })
    156. 

  156. 

  157.         response = self.patch(self.api_link, [
    158. 

  158.             {'op': 'replace', 'path': 'is-protected', 'value': True}
    159. 

  159.         ])
    160. 

  160.         self.assertEqual(response.status_code, 400)
    161. 

  161. 

  162.         response_json = json.loads(smart_str(response.content))
    163. 

  163.         self.assertEqual(response_json['detail'][0], "You can't protect posts you can't edit.")
    164. 

  164. 

  165.         self.refresh_post()
    166. 

  166.         self.assertFalse(self.post.is_protected)
    167. 

  167. 

  168. 

  169. class PostApproveApiTests(ThreadPostPatchApiTestCase):
    170. 

  170.     def test_approve_post(self):
    171. 

  171.         """api makes it possible to approve post"""
    172. 

  172.         self.post.is_unapproved = True
    173. 

  173.         self.post.save()
    174. 

  174. 

  175.         self.override_acl({
    176. 

  176.             'can_approve_content': 1
    177. 

  177.         })
    178. 

  178. 

  179.         response = self.patch(self.api_link, [
    180. 

  180.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    181. 

  181.         ])
    182. 

  182.         self.assertEqual(response.status_code, 200)
    183. 

  183. 

  184.         self.refresh_post()
    185. 

  185.         self.assertFalse(self.post.is_unapproved)
    186. 

  186. 

  187.     def test_unapprove_post(self):
    188. 

  188.         """unapproving posts is not supported by api"""
    189. 

  189.         self.override_acl({
    190. 

  190.             'can_approve_content': 1
    191. 

  191.         })
    192. 

  192. 

  193.         response = self.patch(self.api_link, [
    194. 

  194.             {'op': 'replace', 'path': 'is-unapproved', 'value': False}
    195. 

  195.         ])
    196. 

  196.         self.assertEqual(response.status_code, 200)
    197. 

  197. 

  198.         self.refresh_post()
    199. 

  199.         self.assertFalse(self.post.is_unapproved)
    200. 

  200. 

  201.     def test_approve_post_no_permission(self):
    202. 

  202.         """api validates approval permission"""
    203. 

  203.         self.post.is_unapproved = True
    204. 

  204.         self.post.save()
    205. 

  205. 

  206.         self.override_acl({
    207. 

  207.             'can_approve_content': 0
    208. 

  208.         })
    209. 

  209. 

  210.         response = self.patch(self.api_link, [
    211. 

  211.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    212. 

  212.         ])
    213. 

  213.         self.assertEqual(response.status_code, 400)
    214. 

  214. 

  215.         response_json = json.loads(smart_str(response.content))
    216. 

  216.         self.assertEqual(response_json['detail'][0], "You can't approve posts in this category.")
    217. 

  217. 

  218.         self.refresh_post()
    219. 

  219.         self.assertTrue(self.post.is_unapproved)
    220. 

  220. 

  221.     def test_approve_first_post(self):
    222. 

  222.         """api approve first post fails"""
    223. 

  223.         self.post.is_unapproved = True
    224. 

  224.         self.post.save()
    225. 

  225. 

  226.         self.thread.set_first_post(self.post)
    227. 

  227.         self.thread.save()
    228. 

  228. 

  229.         self.override_acl({
    230. 

  230.             'can_approve_content': 1
    231. 

  231.         })
    232. 

  232. 

  233.         response = self.patch(self.api_link, [
    234. 

  234.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    235. 

  235.         ])
    236. 

  236.         self.assertEqual(response.status_code, 400)
    237. 

  237. 

  238.         response_json = json.loads(smart_str(response.content))
    239. 

  239.         self.assertEqual(response_json['detail'][0], "You can't approve thread's first post.")
    240. 

  240. 

  241.         self.refresh_post()
    242. 

  242.         self.assertTrue(self.post.is_unapproved)
    243. 

  243. 

  244.     def test_approve_hidden_post(self):
    245. 

  245.         """api approve hidden post fails"""
    246. 

  246.         self.post.is_unapproved = True
    247. 

  247.         self.post.is_hidden = True
    248. 

  248.         self.post.save()
    249. 

  249. 

  250.         self.override_acl({
    251. 

  251.             'can_approve_content': 1
    252. 

  252.         })
    253. 

  253. 

  254.         response = self.patch(self.api_link, [
    255. 

  255.             {'op': 'replace', 'path': 'is-unapproved', 'value': True}
    256. 

  256.         ])
    257. 

  257.         self.assertEqual(response.status_code, 400)
    258. 

  258. 

  259.         response_json = json.loads(smart_str(response.content))
    260. 

  260.         self.assertEqual(response_json['detail'][0], "You can't approve posts the content you can't see.")
    261. 

  261. 

  262.         self.refresh_post()
    263. 

  263.         self.assertTrue(self.post.is_unapproved)
    264. 

  264. 

  265. 

  266. class PostHideApiTests(ThreadPostPatchApiTestCase):
    267. 

  267.     def test_hide_post(self):
    268. 

  268.         """api makes it possible to hide post"""
    269. 

  269.         self.override_acl({
    270. 

  270.             'can_hide_posts': 1
    271. 

  271.         })
    272. 

  272. 

  273.         response = self.patch(self.api_link, [
    274. 

  274.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    275. 

  275.         ])
    276. 

  276.         self.assertEqual(response.status_code, 200)
    277. 

  277. 

  278.         self.refresh_post()
    279. 

  279.         self.assertTrue(self.post.is_hidden)
    280. 

  280. 

  281.     def test_show_post(self):
    282. 

  282.         """api makes it possible to unhide post"""
    283. 

  283.         self.post.is_hidden = True
    284. 

  284.         self.post.save()
    285. 

  285. 

  286.         self.refresh_post()
    287. 

  287.         self.assertTrue(self.post.is_hidden)
    288. 

  288. 

  289.         self.override_acl({
    290. 

  290.             'can_hide_posts': 1
    291. 

  291.         })
    292. 

  292. 

  293.         response = self.patch(self.api_link, [
    294. 

  294.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    295. 

  295.         ])
    296. 

  296.         self.assertEqual(response.status_code, 200)
    297. 

  297. 

  298.         self.refresh_post()
    299. 

  299.         self.assertFalse(self.post.is_hidden)
    300. 

  300. 

  301.     def test_hide_own_post(self):
    302. 

  302.         """api makes it possible to hide owned post"""
    303. 

  303.         self.override_acl({
    304. 

  304.             'can_hide_own_posts': 1
    305. 

  305.         })
    306. 

  306. 

  307.         response = self.patch(self.api_link, [
    308. 

  308.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    309. 

  309.         ])
    310. 

  310.         self.assertEqual(response.status_code, 200)
    311. 

  311. 

  312.         self.refresh_post()
    313. 

  313.         self.assertTrue(self.post.is_hidden)
    314. 

  314. 

  315.     def test_show_own_post(self):
    316. 

  316.         """api makes it possible to unhide owned post"""
    317. 

  317.         self.post.is_hidden = True
    318. 

  318.         self.post.save()
    319. 

  319. 

  320.         self.refresh_post()
    321. 

  321.         self.assertTrue(self.post.is_hidden)
    322. 

  322. 

  323.         self.override_acl({
    324. 

  324.             'can_hide_own_posts': 1
    325. 

  325.         })
    326. 

  326. 

  327.         response = self.patch(self.api_link, [
    328. 

  328.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    329. 

  329.         ])
    330. 

  330.         self.assertEqual(response.status_code, 200)
    331. 

  331. 

  332.         self.refresh_post()
    333. 

  333.         self.assertFalse(self.post.is_hidden)
    334. 

  334. 

  335.     def test_hide_post_no_permission(self):
    336. 

  336.         """api hide post with no permission fails"""
    337. 

  337.         self.override_acl({
    338. 

  338.             'can_hide_posts': 0
    339. 

  339.         })
    340. 

  340. 

  341.         response = self.patch(self.api_link, [
    342. 

  342.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    343. 

  343.         ])
    344. 

  344.         self.assertEqual(response.status_code, 400)
    345. 

  345. 

  346.         response_json = json.loads(smart_str(response.content))
    347. 

  347.         self.assertEqual(response_json['detail'][0], "You can't hide posts in this category.")
    348. 

  348. 

  349.         self.refresh_post()
    350. 

  350.         self.assertFalse(self.post.is_hidden)
    351. 

  351. 

  352.     def test_show_post_no_permission(self):
    353. 

  353.         """api unhide post with no permission fails"""
    354. 

  354.         self.post.is_hidden = True
    355. 

  355.         self.post.save()
    356. 

  356. 

  357.         self.refresh_post()
    358. 

  358.         self.assertTrue(self.post.is_hidden)
    359. 

  359. 

  360.         self.override_acl({
    361. 

  361.             'can_hide_posts': 0
    362. 

  362.         })
    363. 

  363. 

  364.         response = self.patch(self.api_link, [
    365. 

  365.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    366. 

  366.         ])
    367. 

  367.         self.assertEqual(response.status_code, 400)
    368. 

  368. 

  369.         response_json = json.loads(smart_str(response.content))
    370. 

  370.         self.assertEqual(response_json['detail'][0], "You can't reveal posts in this category.")
    371. 

  371. 

  372.         self.refresh_post()
    373. 

  373.         self.assertTrue(self.post.is_hidden)
    374. 

  374. 

  375.     def test_hide_own_protected_post(self):
    376. 

  376.         """api validates if we are trying to hide protected post"""
    377. 

  377.         self.post.is_protected = True
    378. 

  378.         self.post.save()
    379. 

  379. 

  380.         self.override_acl({
    381. 

  381.             'can_protect_posts': 0,
    382. 

  382.             'can_hide_own_posts': 1
    383. 

  383.         })
    384. 

  384. 

  385.         response = self.patch(self.api_link, [
    386. 

  386.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    387. 

  387.         ])
    388. 

  388.         self.assertEqual(response.status_code, 400)
    389. 

  389. 

  390.         response_json = json.loads(smart_str(response.content))
    391. 

  391.         self.assertEqual(response_json['detail'][0], "This post is protected. You can't hide it.")
    392. 

  392. 

  393.         self.refresh_post()
    394. 

  394.         self.assertFalse(self.post.is_hidden)
    395. 

  395. 

  396.     def test_show_own_protected_post(self):
    397. 

  397.         """api validates if we are trying to reveal protected post"""
    398. 

  398.         self.post.is_hidden = True
    399. 

  399.         self.post.save()
    400. 

  400. 

  401.         self.override_acl({
    402. 

  402.             'can_protect_posts': 0,
    403. 

  403.             'can_hide_own_posts': 1
    404. 

  404.         })
    405. 

  405. 

  406.         self.post.is_protected = True
    407. 

  407.         self.post.save()
    408. 

  408. 

  409.         response = self.patch(self.api_link, [
    410. 

  410.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    411. 

  411.         ])
    412. 

  412.         self.assertEqual(response.status_code, 400)
    413. 

  413. 

  414.         response_json = json.loads(smart_str(response.content))
    415. 

  415.         self.assertEqual(response_json['detail'][0], "This post is protected. You can't reveal it.")
    416. 

  416. 

  417.         self.refresh_post()
    418. 

  418.         self.assertTrue(self.post.is_hidden)
    419. 

  419. 

  420.     def test_hide_other_user_post(self):
    421. 

  421.         """api validates post ownership when hiding"""
    422. 

  422.         self.post.poster = None
    423. 

  423.         self.post.save()
    424. 

  424. 

  425.         self.override_acl({
    426. 

  426.             'can_hide_own_posts': 1
    427. 

  427.         })
    428. 

  428. 

  429.         response = self.patch(self.api_link, [
    430. 

  430.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    431. 

  431.         ])
    432. 

  432.         self.assertEqual(response.status_code, 400)
    433. 

  433. 

  434.         response_json = json.loads(smart_str(response.content))
    435. 

  435.         self.assertEqual(response_json['detail'][0], "You can't hide other users posts in this category.")
    436. 

  436. 

  437.         self.refresh_post()
    438. 

  438.         self.assertFalse(self.post.is_hidden)
    439. 

  439. 

  440.     def test_show_other_user_post(self):
    441. 

  441.         """api validates post ownership when revealing"""
    442. 

  442.         self.post.is_hidden = True
    443. 

  443.         self.post.poster = None
    444. 

  444.         self.post.save()
    445. 

  445. 

  446.         self.override_acl({
    447. 

  447.             'can_hide_own_posts': 1
    448. 

  448.         })
    449. 

  449. 

  450.         response = self.patch(self.api_link, [
    451. 

  451.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    452. 

  452.         ])
    453. 

  453.         self.assertEqual(response.status_code, 400)
    454. 

  454. 

  455.         response_json = json.loads(smart_str(response.content))
    456. 

  456.         self.assertEqual(response_json['detail'][0], "You can't reveal other users posts in this category.")
    457. 

  457. 

  458.         self.refresh_post()
    459. 

  459.         self.assertTrue(self.post.is_hidden)
    460. 

  460. 

  461.     def test_hide_own_post_after_edit_time(self):
    462. 

  462.         """api validates if we are trying to hide post after edit time"""
    463. 

  463.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    464. 

  464.         self.post.save()
    465. 

  465. 

  466.         self.override_acl({
    467. 

  467.             'post_edit_time': 1,
    468. 

  468.             'can_hide_own_posts': 1
    469. 

  469.         })
    470. 

  470. 

  471.         response = self.patch(self.api_link, [
    472. 

  472.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    473. 

  473.         ])
    474. 

  474.         self.assertEqual(response.status_code, 400)
    475. 

  475. 

  476.         response_json = json.loads(smart_str(response.content))
    477. 

  477.         self.assertEqual(response_json['detail'][0], "You can't hide posts that are older than 1 minute.")
    478. 

  478. 

  479.         self.refresh_post()
    480. 

  480.         self.assertFalse(self.post.is_hidden)
    481. 

  481. 

  482.     def test_show_own_post_after_edit_time(self):
    483. 

  483.         """api validates if we are trying to reveal post after edit time"""
    484. 

  484.         self.post.is_hidden = True
    485. 

  485.         self.post.posted_on = timezone.now() - timedelta(minutes=10)
    486. 

  486.         self.post.save()
    487. 

  487. 

  488.         self.override_acl({
    489. 

  489.             'post_edit_time': 1,
    490. 

  490.             'can_hide_own_posts': 1
    491. 

  491.         })
    492. 

  492. 

  493.         response = self.patch(self.api_link, [
    494. 

  494.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    495. 

  495.         ])
    496. 

  496.         self.assertEqual(response.status_code, 400)
    497. 

  497. 

  498.         response_json = json.loads(smart_str(response.content))
    499. 

  499.         self.assertEqual(response_json['detail'][0], "You can't reveal posts that are older than 1 minute.")
    500. 

  500. 

  501.         self.refresh_post()
    502. 

  502.         self.assertTrue(self.post.is_hidden)
    503. 

  503. 

  504.     def test_hide_post_in_closed_thread(self):
    505. 

  505.         """api validates if we are trying to hide post in closed thread"""
    506. 

  506.         self.thread.is_closed = True
    507. 

  507.         self.thread.save()
    508. 

  508. 

  509.         self.override_acl({
    510. 

  510.             'can_hide_own_posts': 1
    511. 

  511.         })
    512. 

  512. 

  513.         response = self.patch(self.api_link, [
    514. 

  514.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    515. 

  515.         ])
    516. 

  516.         self.assertEqual(response.status_code, 400)
    517. 

  517. 

  518.         response_json = json.loads(smart_str(response.content))
    519. 

  519.         self.assertEqual(response_json['detail'][0], "This thread is closed. You can't hide posts in it.")
    520. 

  520. 

  521.         self.refresh_post()
    522. 

  522.         self.assertFalse(self.post.is_hidden)
    523. 

  523. 

  524.     def test_show_post_in_closed_thread(self):
    525. 

  525.         """api validates if we are trying to reveal post in closed thread"""
    526. 

  526.         self.thread.is_closed = True
    527. 

  527.         self.thread.save()
    528. 

  528. 

  529.         self.post.is_hidden = True
    530. 

  530.         self.post.save()
    531. 

  531. 

  532.         self.override_acl({
    533. 

  533.             'can_hide_own_posts': 1
    534. 

  534.         })
    535. 

  535. 

  536.         response = self.patch(self.api_link, [
    537. 

  537.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    538. 

  538.         ])
    539. 

  539.         self.assertEqual(response.status_code, 400)
    540. 

  540. 

  541.         response_json = json.loads(smart_str(response.content))
    542. 

  542.         self.assertEqual(response_json['detail'][0], "This thread is closed. You can't reveal posts in it.")
    543. 

  543. 

  544.         self.refresh_post()
    545. 

  545.         self.assertTrue(self.post.is_hidden)
    546. 

  546. 

  547.     def test_hide_post_in_closed_category(self):
    548. 

  548.         """api validates if we are trying to hide post in closed category"""
    549. 

  549.         self.category.is_closed = True
    550. 

  550.         self.category.save()
    551. 

  551. 

  552.         self.override_acl({
    553. 

  553.             'can_hide_own_posts': 1
    554. 

  554.         })
    555. 

  555. 

  556.         response = self.patch(self.api_link, [
    557. 

  557.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    558. 

  558.         ])
    559. 

  559.         self.assertEqual(response.status_code, 400)
    560. 

  560. 

  561.         response_json = json.loads(smart_str(response.content))
    562. 

  562.         self.assertEqual(response_json['detail'][0], "This category is closed. You can't hide posts in it.")
    563. 

  563. 

  564.         self.refresh_post()
    565. 

  565.         self.assertFalse(self.post.is_hidden)
    566. 

  566. 

  567.     def test_show_post_in_closed_category(self):
    568. 

  568.         """api validates if we are trying to reveal post in closed category"""
    569. 

  569.         self.category.is_closed = True
    570. 

  570.         self.category.save()
    571. 

  571. 

  572.         self.post.is_hidden = True
    573. 

  573.         self.post.save()
    574. 

  574. 

  575.         self.override_acl({
    576. 

  576.             'can_hide_own_posts': 1
    577. 

  577.         })
    578. 

  578. 

  579.         response = self.patch(self.api_link, [
    580. 

  580.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    581. 

  581.         ])
    582. 

  582.         self.assertEqual(response.status_code, 400)
    583. 

  583. 

  584.         response_json = json.loads(smart_str(response.content))
    585. 

  585.         self.assertEqual(response_json['detail'][0], "This category is closed. You can't reveal posts in it.")
    586. 

  586. 

  587.         self.refresh_post()
    588. 

  588.         self.assertTrue(self.post.is_hidden)
    589. 

  589. 

  590.     def test_hide_first_post(self):
    591. 

  591.         """api hide first post fails"""
    592. 

  592.         self.thread.set_first_post(self.post)
    593. 

  593.         self.thread.save()
    594. 

  594. 

  595.         self.override_acl({
    596. 

  596.             'can_hide_posts': 1
    597. 

  597.         })
    598. 

  598. 

  599.         response = self.patch(self.api_link, [
    600. 

  600.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    601. 

  601.         ])
    602. 

  602.         self.assertEqual(response.status_code, 400)
    603. 

  603. 

  604.         response_json = json.loads(smart_str(response.content))
    605. 

  605.         self.assertEqual(response_json['detail'][0], "You can't hide thread's first post.")
    606. 

  606. 

  607.     def test_show_first_post(self):
    608. 

  608.         """api unhide first post fails"""
    609. 

  609.         self.thread.set_first_post(self.post)
    610. 

  610.         self.thread.save()
    611. 

  611. 

  612.         self.override_acl({
    613. 

  613.             'can_hide_posts': 1
    614. 

  614.         })
    615. 

  615. 

  616.         response = self.patch(self.api_link, [
    617. 

  617.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    618. 

  618.         ])
    619. 

  619.         self.assertEqual(response.status_code, 400)
    620. 

  620. 

  621.         response_json = json.loads(smart_str(response.content))
    622. 

  622.         self.assertEqual(response_json['detail'][0], "You can't reveal thread's first post.")
    623. 

  623. 

  624. 

  625. class ThreadEventPatchApiTestCase(ThreadPostPatchApiTestCase):
    626. 

  626.     def setUp(self):
    627. 

  627.         super(ThreadEventPatchApiTestCase, self).setUp()
    628. 

  628. 

  629.         self.event = testutils.reply_thread(self.thread, poster=self.user, is_event=True)
    630. 

  630. 

  631.         self.api_link = reverse('misago:api:thread-post-detail', kwargs={
    632. 

  632.             'thread_pk': self.thread.pk,
    633. 

  633.             'pk': self.event.pk
    634. 

  634.         })
    635. 

  635. 

  636.     def refresh_event(self):
    637. 

  637.         self.event = self.thread.post_set.get(pk=self.event.pk)
    638. 

  638. 

  639. 

  640. class EventAnonPatchApiTests(ThreadEventPatchApiTestCase):
    641. 

  641.     def test_anonymous_user(self):
    642. 

  642.         """anonymous users can't change event state"""
    643. 

  643.         self.logout_user()
    644. 

  644. 

  645.         response = self.patch(self.api_link, [
    646. 

  646.             {'op': 'add', 'path': 'acl', 'value': True}
    647. 

  647.         ])
    648. 

  648.         self.assertEqual(response.status_code, 403)
    649. 

  649. 

  650. 

  651. class EventAddAclApiTests(ThreadEventPatchApiTestCase):
    652. 

  652.     def test_add_acl_true(self):
    653. 

  653.         """api adds current event's acl to response"""
    654. 

  654.         response = self.patch(self.api_link, [
    655. 

  655.             {'op': 'add', 'path': 'acl', 'value': True}
    656. 

  656.         ])
    657. 

  657.         self.assertEqual(response.status_code, 200)
    658. 

  658. 

  659.         response_json = json.loads(smart_str(response.content))
    660. 

  660.         self.assertTrue(response_json['acl'])
    661. 

  661. 

  662.     def test_add_acl_false(self):
    663. 

  663.         """if value is false, api won't add acl to the response, but will set empty key"""
    664. 

  664.         response = self.patch(self.api_link, [
    665. 

  665.             {'op': 'add', 'path': 'acl', 'value': False}
    666. 

  666.         ])
    667. 

  667.         self.assertEqual(response.status_code, 200)
    668. 

  668. 

  669.         response_json = json.loads(smart_str(response.content))
    670. 

  670.         self.assertIsNone(response_json['acl'])
    671. 

  671. 

  672.         response = self.patch(self.api_link, [
    673. 

  673.             {'op': 'add', 'path': 'acl', 'value': True}
    674. 

  674.         ])
    675. 

  675.         self.assertEqual(response.status_code, 200)
    676. 

  676. 

  677. 

  678. class EventHideApiTests(ThreadEventPatchApiTestCase):
    679. 

  679.     def test_hide_event(self):
    680. 

  680.         """api makes it possible to hide event"""
    681. 

  681.         self.override_acl({
    682. 

  682.             'can_hide_events': 1
    683. 

  683.         })
    684. 

  684. 

  685.         response = self.patch(self.api_link, [
    686. 

  686.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    687. 

  687.         ])
    688. 

  688.         self.assertEqual(response.status_code, 200)
    689. 

  689. 

  690.         self.refresh_event()
    691. 

  691.         self.assertTrue(self.event.is_hidden)
    692. 

  692. 

  693.     def test_show_event(self):
    694. 

  694.         """api makes it possible to unhide event"""
    695. 

  695.         self.event.is_hidden = True
    696. 

  696.         self.event.save()
    697. 

  697. 

  698.         self.refresh_event()
    699. 

  699.         self.assertTrue(self.event.is_hidden)
    700. 

  700. 

  701.         self.override_acl({
    702. 

  702.             'can_hide_events': 1
    703. 

  703.         })
    704. 

  704. 

  705.         response = self.patch(self.api_link, [
    706. 

  706.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    707. 

  707.         ])
    708. 

  708.         self.assertEqual(response.status_code, 200)
    709. 

  709. 

  710.         self.refresh_event()
    711. 

  711.         self.assertFalse(self.event.is_hidden)
    712. 

  712. 

  713.     def test_hide_event_no_permission(self):
    714. 

  714.         """api hide event with no permission fails"""
    715. 

  715.         self.override_acl({
    716. 

  716.             'can_hide_events': 0
    717. 

  717.         })
    718. 

  718. 

  719.         response = self.patch(self.api_link, [
    720. 

  720.             {'op': 'replace', 'path': 'is-hidden', 'value': True}
    721. 

  721.         ])
    722. 

  722.         self.assertEqual(response.status_code, 400)
    723. 

  723. 

  724.         response_json = json.loads(smart_str(response.content))
    725. 

  725.         self.assertEqual(response_json['detail'][0], "You don't have permission to hide this event.")
    726. 

  726. 

  727.         self.refresh_event()
    728. 

  728.         self.assertFalse(self.event.is_hidden)
    729. 

  729. 

  730.     def test_show_event_no_permission(self):
    731. 

  731.         """api unhide event with no permission fails"""
    732. 

  732.         self.event.is_hidden = True
    733. 

  733.         self.event.save()
    734. 

  734. 

  735.         self.refresh_event()
    736. 

  736.         self.assertTrue(self.event.is_hidden)
    737. 

  737. 

  738.         self.override_acl({
    739. 

  739.             'can_hide_events': 0
    740. 

  740.         })
    741. 

  741. 

  742.         response = self.patch(self.api_link, [
    743. 

  743.             {'op': 'replace', 'path': 'is-hidden', 'value': False}
    744. 

  744.         ])
    745. 

  745.         self.assertEqual(response.status_code, 404)
    746.