Commit | Line | Data |
---|---|---|
dfd66b78 | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. | |
3 | # | |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
9459fa3c | 17 | import six |
dfd66b78 | 18 | import pytest |
8e91df87 | 19 | from datetime import date, timedelta |
dfd66b78 | 20 | from webtest import AppError |
21 | ||
22 | from mediagoblin.tests.tools import fixture_add_user, fixture_media_entry | |
23 | ||
d88fcb03 | 24 | from mediagoblin.db.models import User, LocalUser, UserBan |
dfd66b78 | 25 | from mediagoblin.tools import template |
26 | ||
27 | from .resources import GOOD_JPG | |
28 | ||
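class TestPrivilegeFunctionality:
    """Access-control tests: ban enforcement and privilege-gated views.

    Three fixture users are created for every test: ``alex`` (admin, active),
    ``meow`` (moderator, active, reporter) and ``natalie`` (active only).
    ``natalie`` is the account used to check that a banned or under-privileged
    user is refused.
    """

    @pytest.fixture(autouse=True)
    def _setup(self, test_app):
        """Keep the test app, create the fixture users and load them."""
        self.test_app = test_app

        fixture_add_user(u'alex',
            privileges=[u'admin',u'active'])
        fixture_add_user(u'meow',
            privileges=[u'moderator',u'active',u'reporter'])
        fixture_add_user(u'natalie',
            privileges=[u'active'])
        self.query_for_users()

    def login(self, username):
        """Log ``username`` in through the login view, then reload the users."""
        # NOTE(review): 'toast' is presumably the default password set by
        # fixture_add_user -- confirm against tests/tools.py.
        self.test_app.post(
            '/auth/login/', {
                'username': username,
                'password': 'toast'})
        self.query_for_users()

    def logout(self):
        """Hit the logout view, then reload the users."""
        self.test_app.get('/auth/logout/')
        self.query_for_users()

    def do_post(self, data, *context_keys, **kwargs):
        """POST ``data`` and return ``(response, template_context)``.

        The keyword arguments ``url`` (default ``'/submit/'``) and
        ``do_follow`` (default ``False``) are consumed here; whatever is left
        in ``kwargs`` is passed on to ``test_app.post``.  Each name in
        ``context_keys`` is used in turn to index into the captured template
        context.
        """
        url = kwargs.pop('url', '/submit/')
        do_follow = kwargs.pop('do_follow', False)
        # Reset the captured template context before issuing the request.
        template.clear_test_template_context()
        response = self.test_app.post(url, data, **kwargs)
        if do_follow:
            # The followed response itself is discarded; callers still get
            # the response of the POST.
            response.follow()
        context_data = template.TEMPLATE_TEST_CONTEXT
        for key in context_keys:
            context_data = context_data[key]
        return response, context_data

    def query_for_users(self):
        """Reload the three fixture users from the database by username."""
        self.admin_user = LocalUser.query.filter(LocalUser.username==u'alex').first()
        self.mod_user = LocalUser.query.filter(LocalUser.username==u'meow').first()
        self.user = LocalUser.query.filter(LocalUser.username==u'natalie').first()

    @staticmethod
    def _assert_forbidden(excinfo):
        """Assert that the AppError captured in ``excinfo`` reports a 403.

        The check matches on the string form of the pytest exception info,
        exactly as the inline assertions it replaces did.
        """
        message = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in message

    def testUserBanned(self):
        """A banned user sees the ban notice until the ban has expired."""
        self.login(u'natalie')
        uid = self.user.id
        # First, test what happens when a user is banned indefinitely
        #----------------------------------------------------------------------
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=None)
        user_ban.save()

        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert b"You are Banned" in response.body

        # Then test what happens when that ban has an expiration date which
        # hasn't happened yet
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        user_ban.delete()
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=date.today() + timedelta(days=20))
        user_ban.save()

        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert b"You are Banned" in response.body

        # Then test what happens when that ban has an expiration date which
        # has already happened: the request is redirected and the ban notice
        # is no longer shown.
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        user_ban.delete()
        exp_date = date.today() - timedelta(days=20)
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=exp_date)
        user_ban.save()

        response = self.test_app.get('/')
        assert response.status == "302 FOUND"
        assert b"You are Banned" not in response.body
        # NOTE(review): only '/' is requested in each of the three cases, so
        # this does not show that the ban is enforced on other views.

    def testVariousPrivileges(self):
        """A user holding only ``active`` gets 403 on every gated action."""
        # The various actions that require privileges (ex. reporting,
        # commenting, moderating...) are tested in other tests. This method
        # will be used to ensure that those actions are impossible for someone
        # without the proper privileges.
        # For other tests that show what happens when a user has the proper
        # privileges, check out:
        #   tests/test_moderation.py      moderator
        #   tests/test_notifications.py   commenter
        #   tests/test_reporting.py       reporter
        #   tests/test_submission.py      uploader
        #----------------------------------------------------------------------
        self.login(u'natalie')

        # First test the get and post requests of submission/uploading
        #----------------------------------------------------------------------
        with pytest.raises(AppError) as excinfo:
            self.test_app.get('/submit/')
        self._assert_forbidden(excinfo)

        with pytest.raises(AppError) as excinfo:
            self.do_post({'upload_files':[('file',GOOD_JPG)],
                'title':u'Normal Upload 1'},
                url='/submit/')
        self._assert_forbidden(excinfo)

        # Test that a user cannot comment without the commenter privilege
        #----------------------------------------------------------------------
        self.query_for_users()

        media_entry = fixture_media_entry(uploader=self.admin_user.id,
            state=u'processed')

        media_uri_id = '/u/{0}/m/{1}/'.format(self.admin_user.username,
            media_entry.id)
        media_uri_slug = '/u/{0}/m/{1}/'.format(self.admin_user.username,
            media_entry.slug)
        # The media page itself is readable, but must not offer the comment
        # form to this user.
        response = self.test_app.get(media_uri_slug)
        assert b"Add a comment" not in response.body

        # Hiding the form is not enough: posting a comment directly must be
        # refused as well.
        self.query_for_users()
        with pytest.raises(AppError) as excinfo:
            self.test_app.post(
                media_uri_id + 'comment/add/',
                {'comment_content': u'Test comment #42'})
        self._assert_forbidden(excinfo)

        # Test that a user cannot report without the reporter privilege
        #----------------------------------------------------------------------
        with pytest.raises(AppError) as excinfo:
            self.test_app.get(media_uri_slug+"report/")
        self._assert_forbidden(excinfo)

        # NOTE(review): reporter_id is hard-coded; presumably it is natalie's
        # id as the third fixture user -- confirm, or derive it from self.user.
        with pytest.raises(AppError) as excinfo:
            self.do_post(
                {'report_reason':u'Testing Reports #1',
                 'reporter_id':u'3'},
                url=(media_uri_slug+"report/"))
        self._assert_forbidden(excinfo)

        # Test that a user cannot access the moderation pages w/o moderator
        # or admin privileges
        #----------------------------------------------------------------------
        # NOTE(review): the ids in the last two URLs are hard-coded and no
        # report is created in this test, so these checks presumably rely on
        # the privilege check running before the object lookup -- confirm.
        moderation_urls = (
            "/mod/users/",
            "/mod/reports/",
            "/mod/media/",
            "/mod/users/1/",
            "/mod/reports/1/",
        )
        for mod_url in moderation_urls:
            with pytest.raises(AppError) as excinfo:
                self.test_app.get(mod_url)
            self._assert_forbidden(excinfo)

        self.query_for_users()

        # An unprivileged user must not be able to resolve a report by taking
        # privileges away from another account (here the admin).
        with pytest.raises(AppError) as excinfo:
            self.do_post({'action_to_resolve':[u'takeaway'],
                'take_away_privileges':[u'active'],
                'targeted_user':self.admin_user.id},
                url='/mod/reports/1/')
        self._assert_forbidden(excinfo)
        # Reload only after the denied request: placed inside the ``with``
        # block this call could never run, because do_post raises first.
        self.query_for_users()
        # NOTE(review): the 403 is the only thing checked here. Asserting that
        # the admin's privileges are unchanged after this reload would also
        # catch a handler that applies the change before rejecting the request.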