Dockery/Pinry
1
0
Fork 0
mirror of https://github.com/pinry/pinry.git synced 2025-11-13 16:45:41 +01:00
Code Issues Packages Projects Releases Activity

Feature: Add permission tests for pin-pravicy option

Browse Source
This commit is contained in:
winkidney
2020-02-11 16:24:24 +08:00
parent 335cc3a754
commit d303e7aa26
1 changed files with 77 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
core/tests/api.py
View File

@@ -5,11 +5,17 @@ import mock
from rest_framework import status from rest_framework import status
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from django_images.models import Thumbnail
from taggit.models import Tag from taggit.models import Tag
from .helpers import create_image, create_user, create_pin from .helpers import create_image, create_user, create_pin
from core.models import Pin, Image from core.models import Pin, Image, Board
def _teardown_models():
Pin.objects.all().delete()
Image.objects.all().delete()
Tag.objects.all().delete()
Board.objects.all().delete()
def mock_requests_get(url, **kwargs): def mock_requests_get(url, **kwargs):
@@ -29,6 +35,73 @@ class ImageTests(APITestCase):
self.assertEqual(response.status_code, 403, response.data) self.assertEqual(response.status_code, 403, response.data)
class PrivacyTests(APITestCase):
_JSON_TYPE = "application/json"
def setUp(self):
super(PrivacyTests, self).setUp()
self.owner = create_user("default")
self.non_owner = create_user("non_owner")
with mock.patch('requests.get', mock_requests_get):
image = Image.objects.create_for_url('http://a.com/b.png')
self.private_pin = Pin.objects.create(
submitter=self.owner,
image=image,
private=True,
)
self.private_pin_url = reverse("pin-detail", kwargs={"pk": self.private_pin.pk})
self.board = Board.objects.create(name="test_board", submitter=self.owner)
self.board.pins.add(self.private_pin)
self.board.save()
self.board_url = reverse("board-detail", kwargs={"pk": self.board.pk})
def tearDown(self):
_teardown_models()
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin(self):
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 0, resp.data)
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 0, resp.data)
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin_in_board(self):
resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 0, resp.data)
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 0, resp.data)
def test_should_owner_user_has_permission_to_list_private_pin_in_board(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 1, resp.data)
def test_should_owner_user_has_permission_to_list_private_pin(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 1, resp.data)
def test_should_owner_has_permission_to_view_private_pin(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.data['id'], self.private_pin.id)
def test_should_anonymous_user_has_no_permission_to_view_private_pin(self):
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 404)
def test_should_non_owner_has_no_permission_to_view_private_pin(self):
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 404)
class PinTests(APITestCase): class PinTests(APITestCase):
_JSON_TYPE = "application/json" _JSON_TYPE = "application/json"
@@ -38,9 +111,7 @@ class PinTests(APITestCase):
self.client.login(username=self.user.username, password='password') self.client.login(username=self.user.username, password='password')
def tearDown(self): def tearDown(self):
Pin.objects.all().delete() _teardown_models()
Image.objects.all().delete()
Tag.objects.all().delete()
@mock.patch('requests.get', mock_requests_get) @mock.patch('requests.get', mock_requests_get)
def test_should_create_pin(self): def test_should_create_pin(self):
@@ -49,6 +120,7 @@ class PinTests(APITestCase):
referer = 'http://testserver.com/' referer = 'http://testserver.com/'
post_data = { post_data = {
'url': url, 'url': url,
'private': False,
'referer': referer, 'referer': referer,
'description': 'That\'s an Apple!' 'description': 'That\'s an Apple!'
} }