Skip to content
This repository has been archived by the owner on Aug 26, 2022. It is now read-only.

Commit

Permalink
Adding authority, with jinja filter and permission checks. Lots of te…
Browse files Browse the repository at this point in the history 
…sts.
  • Loading branch information
Paul Craciunoiu committed May 22, 2010
1 parent d9b10c1 commit df36d80
Show file tree
Hide file tree
Showing 18 changed files with 428 additions and 53 deletions.
77 changes: 77 additions & 0 deletions apps/forums/fixtures/forums_permissions.json
View file
@@ -0,0 +1,77 @@
[
{
"pk": 1,
"model": "authority.permission",
"fields": {
"date_requested": "2010-05-20 10:37:22",
"group": 1,
"creator": 1,
"object_id": 1,
"user": null,
"content_type": 16,
"codename": "forums_forum.thread_edit_forum",
"approved": 1,
"date_approved": "2010-05-20 10:39:57"
}
},
{
"pk": 2,
"model": "authority.permission",
"fields": {
"date_requested": "2010-05-20 10:37:22",
"group": 1,
"creator": 1,
"object_id": 1,
"user": null,
"content_type": 16,
"codename": "forums_forum.post_edit_forum",
"approved": 1,
"date_approved": "2010-05-20 10:37:22"
}
},
{
"pk": 3,
"model": "authority.permission",
"fields": {
"date_requested": "2010-05-20 10:37:22",
"group": 1,
"creator": 1,
"object_id": 1,
"user": null,
"content_type": 16,
"codename": "forums_forum.post_delete_forum",
"approved": 1,
"date_approved": "2010-05-20 10:37:22"
}
},
{
"pk": 4,
"model": "authority.permission",
"fields": {
"date_requested": "2010-05-20 10:37:22",
"group": 1,
"creator": 1,
"object_id": 1,
"user": null,
"content_type": 16,
"codename": "forums_forum.thread_delete_forum",
"approved": 1,
"date_approved": "2010-05-20 10:37:22"
}
},
{
"pk": 5,
"model": "authority.permission",
"fields": {
"date_requested": "2010-05-20 10:37:22",
"group": 1,
"creator": 1,
"object_id": 1,
"user": null,
"content_type": 16,
"codename": "forums_forum.thread_sticky_forum",
"approved": 1,
"date_approved": "2010-05-20 10:37:22"
}
}
]
24 changes: 7 additions & 17 deletions apps/forums/fixtures/posts.json
View file
@@ -1,28 +1,18 @@
[
{
"pk": 118533,
"model": "auth.user",
"pk": 1,
"model": "forums.forum",
"fields": {
"username": "jsocol",
"first_name": "",
"last_name": "",
"is_active": 1,
"is_superuser": 0,
"is_staff": 0,
"last_login": "2010-04-26 19:01:45",
"groups": [],
"user_permissions": [],
"password": "",
"email": "user118533@nowhere",
"date_joined": "2009-08-10 16:09:45"
"name": "Test forum",
"slug": "test-forum"
}
},
{
"pk": 1,
"pk": 2,
"model": "forums.forum",
"fields": {
"name": "Test forum",
"slug": "test-forum"
"name": "Another Forum",
"slug": "another-forum"
}
},
{
Expand Down
11 changes: 11 additions & 0 deletions apps/forums/permissions.py
View file
@@ -0,0 +1,11 @@
from .models import Forum

import authority


class ForumPermission(authority.permissions.BasePermission):
label = 'forums_forum'
checks = ('thread_edit', 'thread_sticky', 'thread_locked',
'thread_delete', 'post_edit', 'post_delete')

authority.register(Forum, ForumPermission)
22 changes: 22 additions & 0 deletions apps/forums/templates/posts.html
View file
Expand Up @@ -8,6 +8,20 @@

{% block content %}
<h2>{{ thread.title }}</h2>
<div class="thread-actions">
{% if has_perm('forums_forum.thread_edit_forum', forum) %}
<a href="{{ url('forums.edit_thread', forum_slug=forum.slug, thread_id=thread.id) }}"><img src="{{ MEDIA_URL }}img/forums/edit.png" alt="{{ _('Edit') }}" title="{{ _('Edit') }}"/></a>
{% endif %}
{% if has_perm('forums_forum.thread_delete_forum', forum) %}
<a href="{{ url('forums.delete_thread', forum_slug=forum.slug, thread_id=thread.id) }}"><img src="{{ MEDIA_URL }}img/forums/delete.png" alt="{{ _('Delete') }}" title="{{ _('Delete') }}"/></a>
{% endif %}
{% if has_perm('forums_forum.thread_locked_forum', forum) %}
<a href="{{ url('forums.lock_thread', forum_slug=forum.slug, thread_id=thread.id) }}"><img src="{{ MEDIA_URL }}img/forums/type/locked.png" alt="{{ _('Change locked status') }}" title="{{ _('Change locked status') }}"/></a>
{% endif %}
{% if has_perm('forums_forum.thread_sticky_forum', forum) %}
<a href="{{ url('forums.sticky_thread', forum_slug=forum.slug, thread_id=thread.id) }}"><img src="{{ MEDIA_URL }}img/forums/type/sticky.png" alt="{{ _('Change sticky status') }}" title="{{ _('Change sticky status') }}"/></a>
{% endif %}
</div>

<ol class="posts-columns">
<li class="author">{{ _('Author') }}</li>
Expand All @@ -24,6 +38,14 @@ <h2>{{ thread.title }}</h2>
</a>
<a href="/tiki-user_information.php?userId={{ post.author.id }}">{{ post.author }}</a>
<span class="posts">{{ _('{0} posts')|f(post.author.post_set.count()) }}</span>
<div class="post-actions">
{% if has_perm('forums_forum.post_edit_forum', forum) %}
<a href="{{ url('forums.edit_post', forum_slug=forum.slug, thread_id=thread.id, post_id=post.id) }}"><img src="{{ MEDIA_URL }}img/forums/edit.png" alt="{{ _('Edit') }}" title="{{ _('Edit') }}"/></a>
{% endif %}
{% if has_perm('forums_forum.post_delete_forum', forum) %}
<a href="{{ url('forums.delete_post', forum_slug=forum.slug, thread_id=thread.id, post_id=post.id) }}"><img src="{{ MEDIA_URL }}img/forums/delete.png" alt="{{ _('Delete') }}" title="{{ _('Delete') }}"/></a>
{% endif %}
</div>
</div>
<div class="content">
{{ post.content_parsed }}
Expand Down
32 changes: 24 additions & 8 deletions apps/forums/tests/__init__.py
View file
Expand Up @@ -9,7 +9,7 @@


class ForumTestCase(TestCase):
fixtures = ['posts.json']
fixtures = ['users.json', 'posts.json']

def setUp(self):
"""Our fixtures have nulled foreign keys to allow them to be
Expand All @@ -31,6 +31,9 @@ def setUp(self):
t3.last_post = Post.objects.get(pk=5)
t3.save()

self.client = client.Client()
self.client.get('/')


class PostTestCase(ForumTestCase):

Expand Down Expand Up @@ -138,10 +141,23 @@ def test_locked_thread(self):
open.new_post(author=user, content='empty')

def test_post_no_session(self):
c = client.Client()
response = c.get(reverse('forums.new_thread',
kwargs={'forum_slug': 'testslug'}),
follow=True)
self.assertEquals('http://testserver/tiki-login.php',
response.redirect_chain[1][0])
self.assertEquals(302, response.redirect_chain[1][1])
response = self.client.get(
reverse('forums.new_thread',
kwargs={'forum_slug': 'test-forum'}),
follow=True)
self.failUnless('http://testserver/tiki-login.php' in
response.redirect_chain[0][0])
self.assertEquals(302, response.redirect_chain[0][1])


class ThreadTestCase(ForumTestCase):

def test_delete_no_session(self):
"""Delete a thread while logged out redirects."""
response = self.client.get(
reverse('forums.delete_thread',
kwargs={'forum_slug': 'test-forum', 'thread_id': 1}),
follow=True)
self.failUnless('http://testserver/tiki-login.php' in
response.redirect_chain[0][0])
self.assertEquals(302, response.redirect_chain[0][1])
122 changes: 122 additions & 0 deletions apps/forums/tests/test_permissions.py
View file
@@ -0,0 +1,122 @@
from nose.tools import eq_
import test_utils

from django.test import TestCase
from django.contrib.auth.models import User

from sumo.helpers import has_perm
from sumo.urlresolvers import reverse
from forums.models import Forum


class ForumTestPermissions(TestCase):
fixtures = ['users.json', 'posts.json', 'forums_permissions.json']

def setUp(self):
url = reverse('forums.threads', args=[u'test-forum'])
self.context = {'request': test_utils.RequestFactory().get(url)}
self.forum_1 = Forum.objects.get(pk=1)
self.forum_2 = Forum.objects.get(pk=2)

def test_has_perm_thread_edit(self):
"""
User in ForumsModerator group can edit thread in forum_1, but not in
forum_2.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.thread_edit_forum',
self.forum_1)
eq_(allowed, True)
allowed = has_perm(self.context, 'forums_forum.thread_edit_forum',
self.forum_2)
eq_(allowed, False)

def test_has_perm_thread_delete(self):
"""
User in ForumsModerator group can delete thread in forum_1, but not in
forum_2.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.thread_delete_forum',
self.forum_1)
eq_(allowed, True)
allowed = has_perm(self.context, 'forums_forum.thread_delete_forum',
self.forum_2)
eq_(allowed, False)

def test_has_perm_thread_sticky(self):
"""
User in ForumsModerator group can change sticky status of thread in
forum_1, but not in forum_2.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.thread_sticky_forum',
self.forum_1)
eq_(allowed, True)
allowed = has_perm(self.context, 'forums_forum.thread_sticky_forum',
self.forum_2)
eq_(allowed, False)

def test_has_perm_thread_locked(self):
"""
Sanity check: ForumsModerator group has no permission to change locked
status in forum_1.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.thread_locked_forum',
self.forum_1)
eq_(allowed, False)

def test_has_perm_post_edit(self):
"""
User in ForumsModerator group can edit any post in forum_1, but not
in forum_2.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.post_edit_forum',
self.forum_1)
eq_(allowed, True)
allowed = has_perm(self.context, 'forums_forum.post_edit_forum',
self.forum_2)
eq_(allowed, False)

def test_has_perm_post_delete(self):
"""
User in ForumsModerator group can delete any post in forum_1, but not
in forum_2.
"""
self.context['request'].user = User.objects.get(pk=47963)
allowed = has_perm(self.context, 'forums_forum.post_delete_forum',
self.forum_1)
eq_(allowed, True)
allowed = has_perm(self.context, 'forums_forum.post_delete_forum',
self.forum_2)
eq_(allowed, False)

def test_no_perm_thread_delete(self):
"""
User not in ForumsModerator group cannot delete thread in any forum.
"""
self.context['request'].user = User.objects.get(pk=118533)
allowed = has_perm(self.context, 'forums_forum.thread_delete_forum',
self.forum_1)
eq_(allowed, False)
allowed = has_perm(self.context, 'forums_forum.thread_delete_forum',
self.forum_2)
eq_(allowed, False)

def test_admin_perm_thread(self):
"""Super user can do anything on any forum."""
self.context['request'].user = User.objects.get(pk=1)

# Loop over all forums perms and both forums
perms = ('thread_edit_forum', 'thread_delete_forum', 'post_edit_forum',
'thread_sticky_forum', 'thread_locked_forum',
'post_delete_forum')
forums = (self.forum_1, self.forum_2)

for perm in perms:
for forum in forums:
allowed = has_perm(self.context, 'forums_forum.' + perm,
forum)
eq_(allowed, True)
15 changes: 14 additions & 1 deletion apps/forums/urls.py
View file
Expand Up @@ -13,4 +13,17 @@
url(r'^/(?P<forum_slug>[\w\-]+)/feed$',
ThreadsFeed(), name="forums.threads.feed"),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/feed$',
PostsFeed(), name="forums.posts.feed"))
PostsFeed(), name="forums.posts.feed"),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/lock$',
'lock_thread', name='forums.lock_thread'),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/sticky$',
'sticky_thread', name='forums.sticky_thread'),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/edit$',
'edit_thread', name='forums.edit_thread'),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/delete$',
'delete_thread', name='forums.delete_thread'),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/(?P<post_id>\d+)/edit$',
'edit_post', name='forums.edit_post'),
url(r'^/(?P<forum_slug>[\w\-]+)/(?P<thread_id>\d+)/(?P<post_id>\d+)/delete$',
'delete_post', name='forums.delete_post'),
)

0 comments on commit df36d80

Please sign in to comment.