More tests and auth fixes
symkat committed Nov 28, 2021
1 parent 86479a7 commit fb35c3e
Showing 6 changed files with 244 additions and 33 deletions.
46 changes: 14 additions & 32 deletions Web/lib/BlogDB/Web.pm
Expand Up @@ -81,46 +81,28 @@ sub startup ($self) {
$r->post( '/logout' )->to( 'Root#post_logout' )->name('do_logout' );

# /user/ routes
$r->get ( '/user/:name' )->to( 'User#get_user' )->name( 'user' );
$auth->post( '/user/:name/follow' )->to( 'User#post_follow' )->name( 'do_follow_user' );
$auth->post( '/user/:name/unfollow' )->to( 'User#post_unfollow')->name( 'do_unfollow_user' );
$auth->get ( '/user/settings' )->to( 'User#get_settings' )->name( 'user_settings' );
$auth->post( '/user/settings/bio' )->to( 'User#post_bio' )->name( 'do_user_bio' );
$auth->post( '/user/settings/about' )->to( 'User#post_about' )->name( 'do_user_about' );
$auth->post( '/user/settings/password')->to( 'User#post_password')->name( 'do_user_password' );
$auth->post( '/user/settings/email' )->to( 'User#post_email' )->name( 'do_user_email' );
#$r->get ( '/user/:name' )->to( 'User#get_user' )->name( 'user' );
#$auth->post( '/user/:name/follow' )->to( 'User#post_follow' )->name( 'do_follow_user' );
#$auth->post( '/user/:name/unfollow' )->to( 'User#post_unfollow')->name( 'do_unfollow_user' );
#$auth->get ( '/user/settings' )->to( 'User#get_settings' )->name( 'user_settings' );
#$auth->post( '/user/settings/bio' )->to( 'User#post_bio' )->name( 'do_user_bio' );
#$auth->post( '/user/settings/about' )->to( 'User#post_about' )->name( 'do_user_about' );
#$auth->post( '/user/settings/password')->to( 'User#post_password')->name( 'do_user_password' );
#$auth->post( '/user/settings/email' )->to( 'User#post_email' )->name( 'do_user_email' );

# /blog/ routes
$r->get ( '/blog/new' )->to( 'Blog#get_new_blogs' )->name( 'new_blogs' ); # List new blogs.
$r->post ( '/blog/new' )->to( 'Blog#post_new_blog' )->name( 'do_new_blog' ); # Create a new blog.
$r->get ( '/blog/new/:id' )->to( 'Blog#get_edit_new_blog' )->name( 'edit_new_blog' ); # Show edit a new blog page.
$r->post ( '/blog/new/:id' )->to( 'Blog#post_edit_new_blog' )->name( 'do_edit_new_blog' ); # Update a new blog.
$auth->post( '/blog/publish/:id' )->to( 'Blog#post_publish_new_blog')->name( 'do_publish_new_blog' ); # Publish (PendingBlog -> Blog.)

$r->get ( '/blog/v/:slug' )->to( 'Blog#get_view_blog' )->name( 'view_blog');
$r->get ( '/blog/e/:slug' )->to( 'Blog#get_edit_blog' )->name( 'edit_blog');
$r->post ( '/blog/e/:slug' )->to( 'Blog#post_edit_blog' )->name( 'do_edit_blog');

$r->post ( '/blog/follow' )->to( 'Blog#post_blog_follow' )->name( 'do_follow_blog' );
$r->post ( '/blog/unfollow' )->to( 'Blog#post_blog_unfollow' )->name( 'do_unfollow_blog');

$r->post ( '/blog/comment' )->to( 'Blog#post_blog_comment' )->name( 'do_blog_comment');
$r->get ( '/blog/v/:slug' )->to( 'Blog#get_view_blog' )->name( 'view_blog' ); # View specific blog
$auth->get ( '/blog/e/:slug' )->to( 'Blog#get_edit_blog' )->name( 'edit_blog' ); # View edit page
$auth->post( '/blog/e/:slug' )->to( 'Blog#post_edit_blog' )->name( 'do_edit_blog' ); # Post edits to blog
$auth->post( '/blog/follow' )->to( 'Blog#post_blog_follow' )->name( 'do_follow_blog' ); # Follow a blog
$auth->post( '/blog/unfollow' )->to( 'Blog#post_blog_unfollow' )->name( 'do_unfollow_blog' ); # Unfollow a blog
$auth->post( '/blog/comment' )->to( 'Blog#post_blog_comment' )->name( 'do_blog_comment' ); # Comment on blog/reply.

# $r->post ( '/blog/unfollow' )->to( 'Blog#post_blog_unfollow' )->name( 'do_unfollow_blog');
# $r->get ( '/view/:id/:name' )->to( 'Blog#get_blog' )->name( 'blog' ); # View A Specific Blog.
#
# $auth->get ( '/blog/new' )->to( 'Blog#get_new_blogs' )->name( 'new_blogs' ); # List pending blogs for approval.
# $r->get ( '/blog/new/:id/:title' )->to( 'Blog#get_edit_blog' )->name( 'edit_new_blog' ); # Get the edit page for a new blog.
# $r->post ( '/blog/new/:name' )->to( 'Blog#post_edit_blog' )->name( 'do_edit_new_blog' ); # Post an update with the edit page.
#
# $auth->post( '/blog/:name/follow' )->to( 'Blog#post_follow' )->name( 'do_follow_blog' );
# $auth->post( '/blog/:name/unfollow' )->to( 'Blog#post_unfollow' )->name( 'do_unfollow_blog' );
# $auth->get ( '/blog/:name/settings' )->to( 'Blog#get_settings' )->name( 'blog_settings' );
# $auth->post( '/blog/:name' )->to( 'Blog#post_settings' )->name( 'do_blog_settings' );
# $auth->post( '/blog/:name/publish' )->to( 'Blog#post_publish' )->name( 'do_publish' );
# $auth->post( '/blog/:name/unpublish' )->to( 'Blog#post_unpublish')->name( 'do_unpublish' );


# /tags/
$r->get ( '/tags' )->to( 'Tags#get_tags' )->name( 'tags' );
$auth->post( '/tags/suggest' )->to( 'Tags#post_suggest_tag')->name( 'do_suggest_tag' );
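Review bot: `GET /blog/new/:id` and `POST /blog/new/:id` (`do_edit_new_blog`) are still registered on `$r`, while the published-blog edit, follow, unfollow and comment routes move to `$auth`. If `$auth` is what enforces the login check, a client with no session can still modify any pending blog whose id it knows before a manager publishes it. If anonymous submission is intended, record that next to the routes, e.g. `# Pending blogs are editable without login by design; review happens at publish.`, otherwise register both with `$auth->get` / `$auth->post`. Separately, the eight `/user/` routes are commented out rather than deleted, so named routes such as `user_settings` no longer resolve; remove the dead lines or note why they are disabled. The body of `startup` begins before and continues after this hunk.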
18 changes: 17 additions & 1 deletion Web/lib/BlogDB/Web/Controller/Blog.pm
Expand Up @@ -26,6 +26,14 @@ sub get_view_blog ($c) {

sub get_edit_blog ($c) {
$c->set_template( 'blog/edit' );

push @{$c->stash->{errors}}, 'Not Authorized.'
unless $c->stash->{person}->setting( 'can_manage_blogs' );

if ( @{$c->stash->{errors} || []} ) {
$c->redirect_to( $c->url_for( 'homepage' ) );
return 0;
}

my $blog = $c->stash->{blog} = $c->db->resultset('Blog')->find(
$c->_slug_to_id($c->param('slug'))
Expand Down Expand Up @@ -53,6 +61,13 @@ sub get_edit_blog ($c) {
sub post_edit_blog ($c) {
$c->set_template( 'blog/edit' );

push @{$c->stash->{errors}}, 'Not Authorized.'
unless $c->stash->{person}->setting( 'can_manage_blogs' );

if ( @{$c->stash->{errors} || []} ) {
$c->redirect_to( $c->url_for( 'homepage' ) );
return 0;
}
my $blog = $c->stash->{blog} = $c->db->resultset('Blog')->find(
$c->_slug_to_id($c->param('slug'))
);
Expand Down Expand Up @@ -112,13 +127,14 @@ sub post_blog_comment ($c) {
# pos = 1, neg = -1, otherwise 0
my $vote = $rev_pos ? 1 : ( $rev_neg ? -1 : 0 );

$c->stash->{person}->create_related('messages', {
my $obj = $c->stash->{person}->create_related('messages', {
blog_id => $blog_id,
content => $message,
parent_id => $parent,
vote => $vote,
});

$c->stash->{created_comment_id} = $obj->id;
$c->redirect_to( $c->url_for( 'view_blog', slug => $blog_id ) );
}

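Review bot: The `can_manage_blogs` check is pasted verbatim into both `get_edit_blog` and `post_edit_blog`, so the authorization policy for blog management depends on every future action copying the same seven lines. Consider one shared guard, either a private controller helper called as `return 0 unless $c->_require_setting('can_manage_blogs');` (helper name illustrative) or a nested `under` on the `$auth` routes in Web.pm. The check also calls `$c->stash->{person}->setting(...)` unconditionally, which is safe only while both actions stay behind `$auth`; a short comment saying so would help. Because the response is a redirect to `homepage`, the 'Not Authorized.' text pushed onto the stash is presumably never rendered to the user; confirm whether a 403 response or a flash message is wanted instead. All three sub bodies continue outside the hunks shown.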
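--- a/Web/t/01_endpoints/03_blog/04_view_blog.t
+++ b/Web/t/01_endpoints/03_blog/04_view_blog.t
@@ -0,0 +1,45 @@
+#!/usr/bin/env perl
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+# Create and publish the modFoss blog.
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+my ($blog_id, $slug);
+$t->create_user({can_manage_blogs => 1})->post_ok( '/blog/new',
+form => { url => 'https://modfoss.com/',
+})->code_block( sub {
+$blog_id = $t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'})->id;
+})->post_ok( "/blog/new/$blog_id", form => {
+title => 'modFoss',
+url => 'https://modfoss.com/',
+rss_url => 'https://modfoss.com/feed',
+tagline => 'Articles on technical matters.',
+about => 'A technical blog.'
+})->post_ok( "/blog/publish/$blog_id", form => {
+
+})->code_block( sub {
+$slug = $t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'})->slug;
+});
+
+# View the blog as an anonymous user.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->get_ok( "/blog/v/$slug" )->code_block( sub {
+my $t = shift;
+ok $t->stash->{blog};
+is $t->stash->{person}, undef, 'No person object for anon.';
+is $t->stash->{blog}->title, 'modFoss', 'Blog object found.';
+});
+
+# View the blog as a logged in user.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->create_user->get_ok( "/blog/v/$slug" )->code_block( sub {
+my $t = shift;
+ok $t->stash->{blog};
+ok $t->stash->{person}, 'Person object for logged in user.';
+is $t->stash->{blog}->title, 'modFoss', 'Blog object found.';
+});
+
+done_testing;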
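Review bot: The create-and-publish fixture at the top of this file is repeated verbatim in 05_edit_blog.t, 06_follow_blog.t and 07_comment_on_blog.t, and none of its three `post_ok` calls is followed by a status or stash assertion. If the publish step regresses, `find(...)->slug` fails on an undefined row instead of producing a clear test failure. Consider moving the fixture into BlogDB::Web::Test, called as `my ($blog_id, $slug) = $t->create_published_blog;` (name illustrative), and asserting that the Blog row exists before reading its slug. The two bare `ok $t->stash->{blog};` checks would also benefit from a description, e.g. `ok $t->stash->{blog}, 'Blog is in the stash.';`.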
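--- a/Web/t/01_endpoints/03_blog/05_edit_blog.t
+++ b/Web/t/01_endpoints/03_blog/05_edit_blog.t
@@ -0,0 +1,70 @@
+#!/usr/bin/env perl
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+# Create and publish the modFoss blog.
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+my ($blog_id, $slug);
+$t->create_user({can_manage_blogs => 1})->post_ok( '/blog/new',
+form => { url => 'https://modfoss.com/',
+})->code_block( sub {
+$blog_id = $t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'})->id;
+})->post_ok( "/blog/new/$blog_id", form => {
+title => 'modFoss',
+url => 'https://modfoss.com/',
+rss_url => 'https://modfoss.com/feed',
+tagline => 'Articles on technical matters.',
+about => 'A technical blog.'
+})->post_ok( "/blog/publish/$blog_id", form => {
+})->code_block( sub {
+$slug = $t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'})->slug;
+});
+
+# Trying to edit the blog as an anonymous user doesn't work.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->get_ok( "/blog/e/$slug" )->stash_has( {
+errors => [ 'Login required.' ]
+}, 'Cannot view edit blog page without login.' );
+
+$t->post_ok( "/blog/e/$slug" )->stash_has( {
+errors => [ 'Login required.' ]
+}, 'Cannot view edit blog page without login.' );
+
+# Trying to edit the blog as a logged in user doesn't work,
+# without the can_manage_blogs permission.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->create_user->get_ok( "/blog/e/$slug" )->stash_has( {
+errors => [ 'Not Authorized.' ]
+}, 'Cannot view edit blog page without can_manage_blogs.' );
+
+$t->post_ok( "/blog/e/$slug" )->stash_has( {
+errors => [ 'Not Authorized.' ]
+}, 'Cannot post to edit blog page without can_manage_blogs.' );
+
+# Editing the blog with can_manage_blogs does work.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+$t->create_user({ can_manage_blogs => 1 })->get_ok( "/blog/e/$slug" )->code_block( sub {
+ok $t->stash->{blog}, "Have blog object.";
+is $t->stash->{form_title}, 'modFoss', 'Form stash works.';
+});
+
+$t->post_ok( "/blog/e/$slug", form => {
+title => 'modFoss Blog',
+url => 'http://modfoss.com/',
+rss_url => 'http://modfoss.com/feed',
+tagline => 'Technical Matters under Articles',
+about => 'Blog Technical, A?',
+})->code_block( sub {
+$t->_ss($t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'}));
+is $t->_sg, undef, 'Blog cannot be found by the old URL.';
+$t->_ss($t->app->db->resultset('Blog')->find( { url => 'http://modfoss.com/'}));
+ok $t->_sg, 'Blog is found by the new URL now.';
+is $t->_sg->title, 'modFoss Blog', 'The blog updated.';
+
+});
+
+done_testing;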
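Review bot: The rejected-edit cases assert only on the stash error, and both unauthorized `post_ok( "/blog/e/$slug" )` calls send no form data, so they would still pass if `post_edit_blog` wrote the row before reaching the permission check. Post the same form as the authorized case and then assert the row is untouched, e.g. `is $t->app->db->resultset('Blog')->find({ url => 'https://modfoss.com/' })->title, 'modFoss', 'Blog unchanged after rejected edit.';`. The anonymous POST also reuses the description 'Cannot view edit blog page without login.' and should read 'Cannot post to edit blog page without login.'. The same stash-only pattern is used for the anonymous requests in 06_follow_blog.t and 07_comment_on_blog.t, where a check that no follow or Message row was created would make the denial verifiable.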
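--- a/Web/t/01_endpoints/03_blog/06_follow_blog.t
+++ b/Web/t/01_endpoints/03_blog/06_follow_blog.t
@@ -0,0 +1,38 @@
+#!/usr/bin/env perl
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+# Create and publish the modFoss blog.
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+my ($blog_id, $slug);
+$t->create_user({can_manage_blogs => 1})->post_ok( '/blog/new',
+form => { url => 'https://modfoss.com/',
+})->code_block( sub {
+$blog_id = $t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'})->id;
+})->post_ok( "/blog/new/$blog_id", form => {
+title => 'modFoss',
+url => 'https://modfoss.com/',
+rss_url => 'https://modfoss.com/feed',
+tagline => 'Articles on technical matters.',
+about => 'A technical blog.'
+})->post_ok( "/blog/publish/$blog_id", form => {
+})->code_block( sub {
+$slug = $t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'})->slug;
+});
+
+# User who isn't logged in cannot follow a blog.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+$t->post_ok( '/blog/follow', form => { blog_id => $blog_id })
+->stash_has( { errors => [ 'Login required.']}, 'Login required to follow blogs.');
+
+# Regular user can follow a blog.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+$t->create_user->post_ok( '/blog/follow', form => { blog_id => $blog_id })
+->code_block( sub {
+my $t = shift;
+my $blogs = $t->stash->{person}->get_followed_blogs;
+is $blogs->[0]->id, $blog_id, "A logged in user can follow a blog.";
+});
+
+done_testing;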
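Review bot: `/blog/unfollow` is moved behind `$auth` in the same commit, but this file exercises only `/blog/follow`, so the new login requirement on unfollow has no coverage. Add the matching anonymous case, `$t->post_ok( '/blog/unfollow', form => { blog_id => $blog_id })->stash_has( { errors => [ 'Login required.' ] }, 'Login required to unfollow blogs.');`, and a logged-in follow-then-unfollow case that asserts `get_followed_blogs` comes back empty. `$slug` is assigned in the fixture but never read in this file.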
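--- a/Web/t/01_endpoints/03_blog/07_comment_on_blog.t
+++ b/Web/t/01_endpoints/03_blog/07_comment_on_blog.t
@@ -0,0 +1,60 @@
+#!/usr/bin/env perl
+use Mojo::Base '-signatures';
+use BlogDB::Web::Test;
+
+# Create and publish the modFoss blog.
+my $t = Test::Mojo::BlogDB->new('BlogDB::Web');
+
+my ($blog_id, $slug);
+$t->create_user({can_manage_blogs => 1})->post_ok( '/blog/new',
+form => { url => 'https://modfoss.com/',
+})->code_block( sub {
+$blog_id = $t->app->db->resultset('PendingBlog')->find( { url => 'https://modfoss.com/'})->id;
+})->post_ok( "/blog/new/$blog_id", form => {
+title => 'modFoss',
+url => 'https://modfoss.com/',
+rss_url => 'https://modfoss.com/feed',
+tagline => 'Articles on technical matters.',
+about => 'A technical blog.'
+})->post_ok( "/blog/publish/$blog_id", form => {
+})->code_block( sub {
+$slug = $t->app->db->resultset('Blog')->find( { url => 'https://modfoss.com/'})->slug;
+});
+
+# User who isn't logged in cannot comment on a blog..
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+$t->post_ok( '/blog/comment', form => {
+blog_id => $blog_id,
+message => 'First Comment',
+rev_pos => 1,
+})->stash_has( { errors => [ 'Login required.']}, 'Login required to post comment.');
+
+# User can post a comment.
+# They (or another user) can then reply to comments.
+# Create a comment, then reply to it, verify both comments show up.
+$t = Test::Mojo::BlogDB->new('BlogDB::Web');
+$t->create_user->post_ok( '/blog/comment', form => {
+blog_id => $blog_id,
+message => 'First Comment',
+rev_pos => 1,
+})->code_block( sub {
+my $t = shift;
+$t->_ss($t->app->db->resultset('Message')->find($t->stash->{created_comment_id}));
+ok $t->_sg, 'Got comment object.';
+is $t->_sg->content, 'First Comment', 'Comment object has correct message.';
+$t->_ss( $t->_sg->id );
+})->post_ok( '/blog/comment', form => {
+blog_id => $blog_id,
+message => 'Child Comment',
+rev_pos => 1,
+parent_id => $t->_sg,
+})->code_block( sub {
+$t->_ss($t->app->db->resultset('Message')->find($t->_sg));
+ok $t->_sg, 'Got comment object.';
+is $t->_sg->content, 'First Comment', 'Comment object has correct message.';
+$t->_ss( @{$t->_sg->get_children} );
+ok $t->_sg, 'Got comment object\'s child.';
+is $t->_sg->content, 'Child Comment', 'Comment object has correct message.';
+});
+
+done_testing;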
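Review bot: Only the happy path for `parent_id` is covered, yet the value is client-supplied and the `post_blog_comment` hunk in Blog.pm passes `$parent` straight into `create_related`; whether it is validated earlier in that sub is not visible on this page. Add cases where `parent_id` names a nonexistent message and a message on a different blog, and pin the expected rejection; until the behaviour is decided, leave a marker such as `# TODO: reply with a parent_id from another blog or a missing id must be rejected.`. The second `code_block` also reuses 'Comment object has correct message.' for three different assertions, which makes a failure hard to locate; give the parent and child checks distinct descriptions.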
