[mediagoblin.git] / mediagoblin / tests / test_moderation.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import pytest

from mediagoblin.tests.tools import (fixture_add_user,
            fixture_add_comment_report, fixture_add_comment)
from mediagoblin.db.models import User, CommentReport, MediaComment, UserBan
from mediagoblin.moderation.tools import take_away_privileges, give_privileges
from mediagoblin.tools import template, mail

from webtest import AppError

class TestModerationViews:
    @pytest.fixture(autouse=True)
    def _setup(self, test_app):
        self.test_app = test_app

        fixture_add_user(u'admin',
            privileges=[u'admin',u'active'])
        fixture_add_user(u'moderator',
            privileges=[u'moderator',u'active'])
        fixture_add_user(u'regular',
            privileges=[u'active',u'commenter'])
        self.query_for_users()

    def login(self, username):
        self.test_app.post(
            '/auth/login/', {
                'username': username,
                'password': 'toast'})
        self.query_for_users()

    def logout(self):
        self.test_app.get('/auth/logout/')
        self.query_for_users()

    def query_for_users(self):
        self.admin_user = User.query.filter(User.username==u'admin').first()
        self.mod_user = User.query.filter(User.username==u'moderator').first()
        self.user = User.query.filter(User.username==u'regular').first()

    def do_post(self, data, *context_keys, **kwargs):
        url = kwargs.pop('url', '/submit/')
        do_follow = kwargs.pop('do_follow', False)
        template.clear_test_template_context()
        response = self.test_app.post(url, data, **kwargs)
        if do_follow:
            response.follow()
        context_data = template.TEMPLATE_TEST_CONTEXT
        for key in context_keys:
            context_data = context_data[key]
        return response, context_data

    def testGiveOrTakeAwayPrivileges(self):
        self.login(u'admin')
        # First, test an admin taking away a privilege from a user
        #----------------------------------------------------------------------
        response, context = self.do_post({'privilege_name':u'commenter'},
            url='/mod/users/{0}/privilege/'.format(self.user.username))
        assert response.status == '302 FOUND'
        self.query_for_users()
        assert not self.user.has_privilege(u'commenter')

        # Then, test an admin giving a privilege to a user
        #----------------------------------------------------------------------
        response, context = self.do_post({'privilege_name':u'commenter'},
            url='/mod/users/{0}/privilege/'.format(self.user.username))
        assert response.status == '302 FOUND'
        self.query_for_users()
        assert self.user.has_privilege(u'commenter')

        # Then, test a mod trying to take away a privilege from a user
        # they are not allowed to do this, so this will raise an error
        #----------------------------------------------------------------------
        self.logout()
        self.login(u'moderator')

        with pytest.raises(AppError) as excinfo:
            response, context = self.do_post({'privilege_name':u'commenter'},
                url='/mod/users/{0}/privilege/'.format(self.user.username))
        assert 'Bad response: 403 FORBIDDEN' in str(excinfo)
        self.query_for_users()

        assert self.user.has_privilege(u'commenter')

    def testReportResolution(self):
        self.login(u'moderator')

        # First, test a moderators taking away a user's privilege in response
        # to a reported comment
        #----------------------------------------------------------------------
        fixture_add_comment_report(reported_user=self.user)
        comment_report = CommentReport.query.filter(
            CommentReport.reported_user==self.user).first()

        response = self.test_app.get('/mod/reports/{0}/'.format(
            comment_report.id))
        assert response.status == '200 OK'
        self.query_for_users()
        comment_report = CommentReport.query.filter(
            CommentReport.reported_user==self.user).first()

        response, context = self.do_post({'action_to_resolve':[u'takeaway'],
            'take_away_privileges':[u'commenter'],
            'targeted_user':self.user.id},
            url='/mod/reports/{0}/'.format(comment_report.id))

        assert response.status == '302 FOUND'
        fixture_add_comment_report(reported_user=self.user)
        comment_report = CommentReport.query.filter(
            CommentReport.reported_user==self.user).first()

        assert not self.user.has_privilege(u'commenter')

        # Then, test a moderator sending an email to a user in response to a
        # reported comment
        #----------------------------------------------------------------------
        self.query_for_users()

        response, context = self.do_post({'action_to_resolve':[u'sendmessage'],
            'message_to_user':'This is your last warning, regular....',
            'targeted_user':self.user.id},
            url='/mod/reports/{0}/'.format(comment_report.id))

        assert response.status == '302 FOUND'
        assert mail.EMAIL_TEST_MBOX_INBOX ==  [{'to': [u'regular@example.com'],
            'message': 'Content-Type: text/plain; charset="utf-8"\n\
MIME-Version: 1.0\nContent-Transfer-Encoding: base64\nSubject: Warning from- \
moderator \nFrom: notice@mediagoblin.example.org\nTo: regular@example.com\n\n\
VGhpcyBpcyB5b3VyIGxhc3Qgd2FybmluZywgcmVndWxhci4uLi4=\n',
            'from': 'notice@mediagoblin.example.org'}]

        # Then test a moderator banning a user AND a moderator deleting the
        # offending comment. This also serves as a test for taking multiple
        # actions to resolve a report
        #----------------------------------------------------------------------
        self.query_for_users()
        fixture_add_comment(author=self.user.id,
            comment=u'Comment will be removed')
        test_comment = MediaComment.query.filter(
            MediaComment.author==self.user.id).first()
        fixture_add_comment_report(comment=test_comment,
            reported_user=self.user)
        comment_report = CommentReport.query.filter(
            CommentReport.reported_user==self.user).first()

        response, context = self.do_post(
            {'action_to_resolve':[u'userban', u'delete'],
            'targeted_user':self.user.id},
            url='/mod/reports/{0}/'.format(comment_report.id))
        assert response.status == '302 FOUND'
        self.query_for_users()
        test_user_ban = UserBan.query.filter(
            UserBan.user_id == self.user.id).first()
        assert test_user_ban is not None
        test_comment = MediaComment.query.filter(
            MediaComment.author==self.user.id).first()
        assert test_comment is None

        # Then, test what happens when a moderator attempts to punish an admin
        # from a reported comment on an admin.
        #----------------------------------------------------------------------
        fixture_add_comment_report(reported_user=self.admin_user)
        comment_report = CommentReport.query.filter(
            CommentReport.reported_user==self.admin_user).first()

        response, context = self.do_post({'action_to_resolve':[u'takeaway'],
            'take_away_privileges':[u'active'],
            'targeted_user':self.admin_user.id},
            url='/mod/reports/{0}/'.format(comment_report.id))
        self.query_for_users()

        assert response.status == '200 OK'
        assert self.admin_user.has_privilege(u'active')

    def testAllModerationViews(self):
        self.login(u'moderator')
        self.test_app.get('/mod/reports/')
        self.test_app.get('/mod/users/')
        self.test_app.get('/mod/media/')
Commit	Line	Data
dfd66b78	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import pytest
	18
	19	from mediagoblin.tests.tools import (fixture_add_user,
	20	fixture_add_comment_report, fixture_add_comment)
	21	from mediagoblin.db.models import User, CommentReport, MediaComment, UserBan
	22	from mediagoblin.moderation.tools import take_away_privileges, give_privileges
	23	from mediagoblin.tools import template, mail
	24
	25	from webtest import AppError
	26
	27	class TestModerationViews:
	28	@pytest.fixture(autouse=True)
	29	def _setup(self, test_app):
	30	self.test_app = test_app
	31
	32	fixture_add_user(u'admin',
	33	privileges=[u'admin',u'active'])
	34	fixture_add_user(u'moderator',
	35	privileges=[u'moderator',u'active'])
	36	fixture_add_user(u'regular',
	37	privileges=[u'active',u'commenter'])
	38	self.query_for_users()
	39
	40	def login(self, username):
	41	self.test_app.post(
	42	'/auth/login/', {
	43	'username': username,
	44	'password': 'toast'})
	45	self.query_for_users()
	46
	47	def logout(self):
	48	self.test_app.get('/auth/logout/')
	49	self.query_for_users()
	50
	51	def query_for_users(self):
	52	self.admin_user = User.query.filter(User.username==u'admin').first()
	53	self.mod_user = User.query.filter(User.username==u'moderator').first()
	54	self.user = User.query.filter(User.username==u'regular').first()
	55
	56	def do_post(self, data, context_keys, *kwargs):
	57	url = kwargs.pop('url', '/submit/')
	58	do_follow = kwargs.pop('do_follow', False)
	59	template.clear_test_template_context()
	60	response = self.test_app.post(url, data, **kwargs)
	61	if do_follow:
	62	response.follow()
	63	context_data = template.TEMPLATE_TEST_CONTEXT
	64	for key in context_keys:
65	context_data = context_data[key]
66	return response, context_data
67
68	def testGiveOrTakeAwayPrivileges(self):
69	self.login(u'admin')
70	# First, test an admin taking away a privilege from a user
71	#----------------------------------------------------------------------
72	response, context = self.do_post({'privilege_name':u'commenter'},
73	url='/mod/users/{0}/privilege/'.format(self.user.username))
74	assert response.status == '302 FOUND'
75	self.query_for_users()
76	assert not self.user.has_privilege(u'commenter')
77
78	# Then, test an admin giving a privilege to a user
79	#----------------------------------------------------------------------
80	response, context = self.do_post({'privilege_name':u'commenter'},
81	url='/mod/users/{0}/privilege/'.format(self.user.username))
82	assert response.status == '302 FOUND'
83	self.query_for_users()
84	assert self.user.has_privilege(u'commenter')
85
86	# Then, test a mod trying to take away a privilege from a user
87	# they are not allowed to do this, so this will raise an error
88	#----------------------------------------------------------------------
89	self.logout()
90	self.login(u'moderator')
91
92	with pytest.raises(AppError) as excinfo:
93	response, context = self.do_post({'privilege_name':u'commenter'},
94	url='/mod/users/{0}/privilege/'.format(self.user.username))
95	assert 'Bad response: 403 FORBIDDEN' in str(excinfo)
96	self.query_for_users()
97
98	assert self.user.has_privilege(u'commenter')
99
100	def testReportResolution(self):
101	self.login(u'moderator')
102
103	# First, test a moderators taking away a user's privilege in response
104	# to a reported comment
105	#----------------------------------------------------------------------
106	fixture_add_comment_report(reported_user=self.user)
107	comment_report = CommentReport.query.filter(
108	CommentReport.reported_user==self.user).first()
109
110	response = self.test_app.get('/mod/reports/{0}/'.format(
111	comment_report.id))
112	assert response.status == '200 OK'
113	self.query_for_users()
114	comment_report = CommentReport.query.filter(
115	CommentReport.reported_user==self.user).first()
116
117	response, context = self.do_post({'action_to_resolve':[u'takeaway'],
118	'take_away_privileges':[u'commenter'],
119	'targeted_user':self.user.id},
120	url='/mod/reports/{0}/'.format(comment_report.id))
121
122	assert response.status == '302 FOUND'
123	fixture_add_comment_report(reported_user=self.user)
124	comment_report = CommentReport.query.filter(
125	CommentReport.reported_user==self.user).first()
126
127	assert not self.user.has_privilege(u'commenter')
128
129	# Then, test a moderator sending an email to a user in response to a
130	# reported comment
131	#----------------------------------------------------------------------
132	self.query_for_users()
133
134	response, context = self.do_post({'action_to_resolve':[u'sendmessage'],
135	'message_to_user':'This is your last warning, regular....',
136	'targeted_user':self.user.id},
137	url='/mod/reports/{0}/'.format(comment_report.id))
138
139	assert response.status == '302 FOUND'
140	assert mail.EMAIL_TEST_MBOX_INBOX == [{'to': [u'regular@example.com'],
141	'message': 'Content-Type: text/plain; charset="utf-8"\n\
142	MIME-Version: 1.0\nContent-Transfer-Encoding: base64\nSubject: Warning from- \
143	moderator \nFrom: notice@mediagoblin.example.org\nTo: regular@example.com\n\n\
144	VGhpcyBpcyB5b3VyIGxhc3Qgd2FybmluZywgcmVndWxhci4uLi4=\n',
145	'from': 'notice@mediagoblin.example.org'}]
146
147	# Then test a moderator banning a user AND a moderator deleting the
148	# offending comment. This also serves as a test for taking multiple
149	# actions to resolve a report
150	#----------------------------------------------------------------------
151	self.query_for_users()
152	fixture_add_comment(author=self.user.id,
153	comment=u'Comment will be removed')
154	test_comment = MediaComment.query.filter(
155	MediaComment.author==self.user.id).first()
156	fixture_add_comment_report(comment=test_comment,
157	reported_user=self.user)
158	comment_report = CommentReport.query.filter(
159	CommentReport.reported_user==self.user).first()
160
161	response, context = self.do_post(
162	{'action_to_resolve':[u'userban', u'delete'],
163	'targeted_user':self.user.id},
164	url='/mod/reports/{0}/'.format(comment_report.id))
165	assert response.status == '302 FOUND'
166	self.query_for_users()
167	test_user_ban = UserBan.query.filter(
168	UserBan.user_id == self.user.id).first()
169	assert test_user_ban is not None
170	test_comment = MediaComment.query.filter(
171	MediaComment.author==self.user.id).first()
172	assert test_comment is None
173
174	# Then, test what happens when a moderator attempts to punish an admin
175	# from a reported comment on an admin.
176	#----------------------------------------------------------------------
177	fixture_add_comment_report(reported_user=self.admin_user)
178	comment_report = CommentReport.query.filter(
179	CommentReport.reported_user==self.admin_user).first()
180
181	response, context = self.do_post({'action_to_resolve':[u'takeaway'],
182	'take_away_privileges':[u'active'],
183	'targeted_user':self.admin_user.id},
184	url='/mod/reports/{0}/'.format(comment_report.id))
185	self.query_for_users()
186
187	assert response.status == '200 OK'
188	assert self.admin_user.has_privilege(u'active')
189
190	def testAllModerationViews(self):
191	self.login(u'moderator')
192	self.test_app.get('/mod/reports/')
193	self.test_app.get('/mod/users/')
194	self.test_app.get('/mod/media/')