1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
import re
import mock
import pytest
from django.core.exceptions import PermissionDenied
from activities.models import Post
from activities.views.posts import Compose, Delete
@pytest.mark.django_db
def test_content_warning_text(identity, user, rf, config_system):
request = rf.get("/compose/")
request.user = user
request.identity = identity
config_system.content_warning_text = "Content Summary"
with mock.patch("core.models.Config.load_system", return_value=config_system):
view = Compose.as_view()
resp = view(request)
assert resp.status_code == 200
content = str(resp.rendered_content)
assert 'placeholder="Content Summary"' in content
assert re.search(
r"<label.*>\s*Content Summary\s*</label>", content, flags=re.MULTILINE
)
@pytest.mark.django_db
def test_post_delete_security(identity, user, rf, other_identity):
# Create post
other_post = Post.objects.create(
content="<p>OTHER POST!</p>",
author=other_identity,
local=True,
visibility=Post.Visibilities.public,
)
request = rf.post(other_post.get_absolute_url() + "delete/")
request.user = user
request.identity = identity
view = Delete.as_view()
with pytest.raises(PermissionDenied) as ex:
view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
assert str(ex.value) == "Post author is not requestor"
@pytest.mark.django_db
def test_post_edit_security(identity, user, rf, other_identity):
# Create post
other_post = Post.objects.create(
content="<p>OTHER POST!</p>",
author=other_identity,
local=True,
visibility=Post.Visibilities.public,
)
request = rf.get(other_post.get_absolute_url() + "edit/")
request.user = user
request.identity = identity
view = Compose.as_view()
with pytest.raises(PermissionDenied) as ex:
view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
assert str(ex.value) == "Post author is not requestor"
|