2022-11-22 18:52:40 -08:00
|
|
|
import re
|
|
|
|
|
|
|
|
import mock
|
|
|
|
import pytest
|
2022-11-27 10:09:46 -08:00
|
|
|
from django.core.exceptions import PermissionDenied
|
2022-11-22 18:52:40 -08:00
|
|
|
|
2022-11-27 10:09:46 -08:00
|
|
|
from activities.models import Post
|
|
|
|
from activities.views.posts import Compose, Delete
|
2022-11-22 18:52:40 -08:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
|
|
|
def test_content_warning_text(identity, user, rf, config_system):
|
|
|
|
request = rf.get("/compose/")
|
|
|
|
request.user = user
|
|
|
|
request.identity = identity
|
|
|
|
|
|
|
|
config_system.content_warning_text = "Content Summary"
|
|
|
|
with mock.patch("core.models.Config.load_system", return_value=config_system):
|
|
|
|
view = Compose.as_view()
|
|
|
|
resp = view(request)
|
|
|
|
assert resp.status_code == 200
|
|
|
|
content = str(resp.rendered_content)
|
|
|
|
assert 'placeholder="Content Summary"' in content
|
|
|
|
assert re.search(
|
|
|
|
r"<label.*>\s*Content Summary\s*</label>", content, flags=re.MULTILINE
|
|
|
|
)
|
2022-11-27 10:09:46 -08:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
|
|
|
def test_post_delete_security(identity, user, rf, other_identity):
|
|
|
|
# Create post
|
|
|
|
other_post = Post.objects.create(
|
|
|
|
content="<p>OTHER POST!</p>",
|
|
|
|
author=other_identity,
|
|
|
|
local=True,
|
|
|
|
visibility=Post.Visibilities.public,
|
|
|
|
)
|
|
|
|
|
|
|
|
request = rf.post(other_post.get_absolute_url() + "delete/")
|
|
|
|
request.user = user
|
|
|
|
request.identity = identity
|
|
|
|
|
|
|
|
view = Delete.as_view()
|
|
|
|
with pytest.raises(PermissionDenied) as ex:
|
|
|
|
view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
|
|
|
|
assert str(ex.value) == "Post author is not requestor"
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
|
|
|
def test_post_edit_security(identity, user, rf, other_identity):
|
|
|
|
# Create post
|
|
|
|
other_post = Post.objects.create(
|
|
|
|
content="<p>OTHER POST!</p>",
|
|
|
|
author=other_identity,
|
|
|
|
local=True,
|
|
|
|
visibility=Post.Visibilities.public,
|
|
|
|
)
|
|
|
|
|
|
|
|
request = rf.get(other_post.get_absolute_url() + "edit/")
|
|
|
|
request.user = user
|
|
|
|
request.identity = identity
|
|
|
|
|
|
|
|
view = Compose.as_view()
|
|
|
|
with pytest.raises(PermissionDenied) as ex:
|
|
|
|
view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
|
|
|
|
assert str(ex.value) == "Post author is not requestor"
|