Dockery/Pinry
1
0
Fork 0
mirror of https://github.com/pinry/pinry.git synced 2025-11-13 00:25:41 +01:00
Code Issues Packages Projects Releases Activity

Feature: Add tests and migrations for board in backend

Browse Source
This commit is contained in:
winkidney
2020-02-11 17:11:39 +08:00
parent 23aacbc7c0
commit c31d93f797
3 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
core/migrations/0008_board_private.py Normal file
View File

@@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.11.26 on 2020-02-11 08:38
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('core', '0007_pin_private'),
]
operations = [
migrations.AddField(
model_name='board',
name='private',
field=models.BooleanField(default=False),
),
]

49
core/tests/api.py
View File

@@ -35,10 +35,55 @@ class ImageTests(APITestCase):
self.assertEqual(response.status_code, 403, response.data) self.assertEqual(response.status_code, 403, response.data)
class PrivacyTests(APITestCase): class BoardPrivacyTests(APITestCase):
def setUp(self): def setUp(self):
super(PrivacyTests, self).setUp() super(BoardPrivacyTests, self).setUp()
self.owner = create_user("default")
self.non_owner = create_user("non_owner")
self.private_board = Board.objects.create(
name="test_board",
submitter=self.owner,
private=True,
)
self.board_url = reverse("board-detail", kwargs={"pk": self.private_board.pk})
self.boards_url = reverse("board-list")
def tearDown(self):
_teardown_models()
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_board(self):
resp = self.client.get(self.boards_url)
self.assertEqual(len(resp.data), 0, resp.data)
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.boards_url)
self.assertEqual(len(resp.data), 0, resp.data)
def test_should_owner_has_permission_to_list_private_board(self):
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.boards_url)
self.assertEqual(len(resp.data), 0, resp.data)
def test_should_non_owner_and_anonymous_user_has_no_permission_to_view_private_board(self):
resp = self.client.get(self.board_url)
self.assertEqual(resp.status_code, 404)
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.board_url)
self.assertEqual(resp.status_code, 404)
def test_should_owner_has_permission_to_view_private_board(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(self.board_url)
self.assertEqual(resp.status_code, 200)
class PinPrivacyTests(APITestCase):
def setUp(self):
super(PinPrivacyTests, self).setUp()
self.owner = create_user("default") self.owner = create_user("default")
self.non_owner = create_user("non_owner") self.non_owner = create_user("non_owner")

1
core/views.py
View File

@@ -56,6 +56,7 @@ class BoardAutoCompleteViewSet(
ordering_fields = ('-id', ) ordering_fields = ('-id', )
ordering = ('-id', ) ordering = ('-id', )
pagination_class = None pagination_class = None
permission_classes = [OwnerOnlyIfPrivate("submitter"), ]
def get_queryset(self): def get_queryset(self):
return filter_private_board(self.request, Board.objects.all()) return filter_private_board(self.request, Board.objects.all())