import pytest from django.test.client import Client from activities.models import Post from users.models import Identity @pytest.mark.django_db def test_post_delete_security(client_with_identity: Client, other_identity: Identity): """ Tests that you can't delete other users' posts with URL fiddling """ other_post = Post.objects.create( content="
OTHER POST!
", author=other_identity, local=True, visibility=Post.Visibilities.public, ) response = client_with_identity.get(other_post.urls.action_delete) assert response.status_code == 403