Blog publish tests and fixes

symkat · symkat · commit a239a0cd4f32 · 2021-11-27T11:00:44.000-08:00
diff --git a/Web/lib/BlogDB/Web.pm b/Web/lib/BlogDB/Web.pm
@@ -95,7 +95,7 @@ sub startup ($self) {
     $r->post   ( '/blog/new'              )->to( 'Blog#post_new_blog'        )->name( 'do_new_blog'         ); # Create a new blog.
     $r->get    ( '/blog/new/:id'          )->to( 'Blog#get_edit_new_blog'    )->name( 'edit_new_blog'       ); # Show edit a new blog page.
     $r->post   ( '/blog/new/:id'          )->to( 'Blog#post_edit_new_blog'   )->name( 'do_edit_new_blog'    ); # Update a new blog.
-    $r->post   ( '/blog/publish/:id'      )->to( 'Blog#post_publish_new_blog')->name( 'do_publish_new_blog' ); # Publish (PendingBlog -> Blog.)
+    $auth->post( '/blog/publish/:id'      )->to( 'Blog#post_publish_new_blog')->name( 'do_publish_new_blog' ); # Publish (PendingBlog -> Blog.)
 
     $r->get    ( '/blog/v/:slug'          )->to( 'Blog#get_view_blog'        )->name( 'view_blog');
     $r->get    ( '/blog/e/:slug'          )->to( 'Blog#get_edit_blog'        )->name( 'edit_blog');
diff --git a/Web/lib/BlogDB/Web/Controller/Blog.pm b/Web/lib/BlogDB/Web/Controller/Blog.pm
@@ -289,6 +289,17 @@ sub post_edit_new_blog ($c) {
 sub post_publish_new_blog ($c) {
     my $pb = $c->db->resultset('PendingBlog')->find( $c->param('id') );
 
+    push @{$c->stash->{errors}}, 'No such blog id.'
+        unless $pb;
+
+    push @{$c->stash->{errors}}, 'Not Authorized.'
+        unless $c->stash->{person}->setting( 'can_manage_blogs' );
+
+    if ( @{$c->stash->{errors} || []} ) {
+        $c->redirect_to( $c->url_for( 'homepage' ) );
+        return 0;
+    }
+
     my $blog = $c->db->resultset('Blog')->create({
         title    => $pb->title, 
         url      => $pb->url,
diff --git a/Web/t/01_endpoints/03_blog/03_publish_new_blog.t b/Web/t/01_endpoints/03_blog/03_publish_new_blog.t
@@ -0,0 +1,52 @@
+#!/usr/bin/env perl
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+# Post a new blog as a logged in user.
+$t->create_user->post_ok( '/blog/new', 
+    form => {
+        url => 'https://modfoss.com/',        
+    })->code_block( sub { 
+        my ( $t ) = @_;
+        $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+        ok $t->_sg, "Created blog entry.";
+    });
+
+my $blog_id = $t->_sg->id;
+
+# New Session, update the blog as a can_manage_blogs user..
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->create_user({ can_manage_blogs => 1 })->post_ok( "/blog/new/$blog_id", form => {
+    title   => 'modFoss',
+    url     => 'https://modfoss.com/',
+    rss_url => 'https://modfoss.com/feed',
+    tagline => 'Articles on technical matters.',
+    about   => 'A technical blog.'
+})->code_block( sub { 
+    my ( $t ) = @_;
+    $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+    ok $t->_sg, "Found blog entry";
+    is $t->_sg->title, 'modFoss', 'Title updated.';
+    is $t->_sg->url, 'https://modfoss.com/', 'URL updated.';
+    is $t->_sg->rss_url , 'https://modfoss.com/feed', 'RSS URL updated.';
+    is $t->_sg->tagline , 'Articles on technical matters.', 'Tagline updated.';
+    is $t->_sg->about , 'A technical blog.', 'About updated.';
+})->stash_has( { authorization => [ 'setting:can_manage_blogs' ] } );
+
+# Now we publish the blog, we're still in the user account with can_manage_blogs
+$t->post_ok( "/blog/publish/$blog_id", form => {})
+    ->code_block( sub { 
+    my ( $t ) = @_;
+    $t->_ss($t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'}));
+    ok $t->_sg, "Found published blog";
+    is $t->_sg->title, 'modFoss', 'Blog has correct title.';
+
+
+    $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+    is $t->_sg, undef, "Blog has been deleted from PendingBlogs.";
+});
+
+done_testing;
diff --git a/Web/t/01_endpoints/03_blog/03_publish_new_blog_no_perm.t b/Web/t/01_endpoints/03_blog/03_publish_new_blog_no_perm.t
@@ -0,0 +1,40 @@
+#!/usr/bin/env perl
+# Test to make sure that a normal user (w/o can_manage_blogs) cannot approve a blog.
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+# Post a new blog as a logged in user.
+$t->create_user->post_ok( '/blog/new', 
+    form => {
+        url => 'https://modfoss.com/',        
+    })->code_block( sub { 
+        my ( $t ) = @_;
+        $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+        ok $t->_sg, "Created blog entry.";
+    });
+
+my $blog_id = $t->_sg->id;
+
+# Update the blog as the same user.
+$t->post_ok( "/blog/new/$blog_id", form => {
+    title   => 'modFoss',
+    url     => 'https://modfoss.com/',
+    rss_url => 'https://modfoss.com/feed',
+    tagline => 'Articles on technical matters.',
+    about   => 'A technical blog.'
+})->code_block( sub { 
+    my ( $t ) = @_;
+    $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+    ok $t->_sg, "Found blog entry";
+    is $t->_sg->title, 'modFoss', 'Title updated.';
+})->stash_has( { authorization => [ 'submitter' ] } );
+
+# Now we try to publish the blog, it should fail for no user account.
+$t->post_ok( "/blog/publish/$blog_id", form => {})
+    ->stash_has( { errors => [ 'Not Authorized.' ] });
+
+
+
+done_testing;
diff --git a/Web/t/01_endpoints/03_blog/03_publish_new_blog_no_user.t b/Web/t/01_endpoints/03_blog/03_publish_new_blog_no_user.t
@@ -0,0 +1,39 @@
+#!/usr/bin/env perl
+# Test to make sure that an anonymous user cannot approve a blog.
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+# Post a new blog as a logged in user.
+$t->create_user->post_ok( '/blog/new', 
+    form => {
+        url => 'https://modfoss.com/',        
+    })->code_block( sub { 
+        my ( $t ) = @_;
+        $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+        ok $t->_sg, "Created blog entry.";
+    });
+
+my $blog_id = $t->_sg->id;
+
+# Update the blog as the same user.
+$t->post_ok( "/blog/new/$blog_id", form => {
+    title   => 'modFoss',
+    url     => 'https://modfoss.com/',
+    rss_url => 'https://modfoss.com/feed',
+    tagline => 'Articles on technical matters.',
+    about   => 'A technical blog.'
+})->code_block( sub { 
+    my ( $t ) = @_;
+    $t->_ss($t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'}));
+    ok $t->_sg, "Found blog entry";
+    is $t->_sg->title, 'modFoss', 'Title updated.';
+})->stash_has( { authorization => [ 'submitter' ] } );
+
+# Now we try to publish the blog, it should fail because no logged in user.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+$t->post_ok( "/blog/publish/$blog_id", form => {})
+    ->stash_has( { errors => [ 'Login required.']}, 'Thrown out for no login.');
+
+done_testing;
