# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from datetime import datetime, timedelta

import pytest
from webtest import AppError

from mediagoblin.db.base import Session
from mediagoblin.db.models import User, Privilege, UserBan
from mediagoblin.tests.tools import fixture_add_user, fixture_media_entry
from mediagoblin.tools import template

from .resources import GOOD_JPG


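class TestPrivilegeFunctionality:
    """Check that bans and missing privileges block a logged-in user.

    NOTE(review): this listing was recovered from a page whose extraction
    dropped several original lines (the embedded line numbers skip). Each
    gap is marked where it occurs; restore the omitted lines from the
    repository before relying on these tests as an authorization check.
    """

    @pytest.fixture(autouse=True)
    def _setup(self, test_app):
        """Create an admin, a moderator and a plain active user, then load them."""
        self.test_app = test_app

        fixture_add_user(u'alex',
            privileges=[u'admin', u'active'])
        fixture_add_user(u'raven',
            privileges=[u'moderator', u'active', u'reporter'])
        fixture_add_user(u'natalie',
            privileges=[u'active'])
        self.query_for_users()

    def login(self, username):
        """Log the test client in as *username* and reload the user rows."""
        # NOTE(review): original lines 44-47 are absent from the listing; they
        # presumably issue the login request for `username`. Until they are
        # restored, the 403 assertions in this class are not exercising a
        # logged-in, under-privileged account.
        self.query_for_users()

    # NOTE(review): original lines 49-50 are absent from the listing. The two
    # statements below are placed in their own helper on the assumption that
    # the dropped line was its `def` (name assumed) -- confirm.
    def logout(self):
        """End the test client's session and reload the user rows."""
        self.test_app.get('/auth/logout/')
        self.query_for_users()

    def do_post(self, data, *context_keys, **kwargs):
        """POST *data* and return ``(response, template_context)``.

        ``url`` (default ``'/submit/'``) and ``do_follow`` are taken out of
        *kwargs*; everything else is passed on to ``test_app.post``. Each
        name in *context_keys* indexes one level deeper into the captured
        template context.
        """
        url = kwargs.pop('url', '/submit/')
        # NOTE(review): `do_follow` is read but never used in the visible
        # listing; original lines 59-60 are absent, so a redirect-following
        # step may have been lost. The pop itself still matters: it keeps the
        # key out of the kwargs handed to post().
        do_follow = kwargs.pop('do_follow', False)
        template.clear_test_template_context()
        response = self.test_app.post(url, data, **kwargs)

        context_data = template.TEMPLATE_TEST_CONTEXT
        for key in context_keys:
            context_data = context_data[key]
        return response, context_data

    def query_for_users(self):
        """Re-read the three fixture users so the attributes reflect the DB."""
        self.admin_user = User.query.filter(User.username == u'alex').first()
        self.mod_user = User.query.filter(User.username == u'raven').first()
        self.user = User.query.filter(User.username == u'natalie').first()

    def _assert_forbidden(self, request, *args, **kwargs):
        """Call *request* and require that webtest reports a 403 response."""
        with pytest.raises(AppError) as excinfo:
            request(*args, **kwargs)
        # Check the exception's own message: str() of the ExceptionInfo
        # wrapper is a representation that differs between pytest versions.
        # The assertion sits outside the `with` block so that it really runs.
        assert 'Bad response: 403 FORBIDDEN' in str(excinfo.value)

    def testUserBanned(self):
        """A banned user gets the ban page until the ban has expired."""
        self.login(u'natalie')
        # NOTE(review): original line 73, which binds `uid`, is absent from
        # the listing; natalie's user id is assumed -- confirm.
        uid = self.user.id

        # First, test what happens when a user is banned indefinitely
        #----------------------------------------------------------------------
        # NOTE(review): original lines 78-80 are absent: the rest of this
        # constructor call and, presumably, the step that stores the ban.
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned')

        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert "You are Banned" in response.body

        # Then test what happens when that ban has an expiration date which
        # has not been reached yet
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        # NOTE(review): original line 88 is absent (presumably removes the
        # previous ban before a new one is created for the same user).
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=datetime.now() + timedelta(days=20))
        # NOTE(review): original line 92 is absent (presumably stores the ban).

        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert "You are Banned" in response.body

        # Then test what happens when that ban has an expiration date which
        # has already happened
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        # NOTE(review): original line 102 is absent (see the note above).
        exp_date = datetime.now() - timedelta(days=20)
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=exp_date)
        # NOTE(review): original line 107 is absent (presumably stores the ban).

        response = self.test_app.get('/')
        # An expired ban must no longer block the user. The redirect target
        # is not asserted here, only that the ban page is gone.
        assert response.status == "302 FOUND"
        assert "You are Banned" not in response.body

    def testVariousPrivileges(self):
        """Every privileged action is refused to a user who lacks the privilege."""
        # The various actions that require privileges (ex. reporting,
        # commenting, moderating...) are tested in other tests. This method
        # will be used to ensure that those actions are impossible for someone
        # without the proper privileges.
        # For other tests that show what happens when a user has the proper
        # privileges, check out:
        #   tests/test_moderation.py        moderator
        #   tests/test_notifications.py     commenter
        #   tests/test_reporting.py         reporter
        #   tests/test_submission.py        uploader
        #----------------------------------------------------------------------
        self.login(u'natalie')

        # First test the get and post requests of submission/uploading
        #----------------------------------------------------------------------
        self._assert_forbidden(self.test_app.get, '/submit/')

        # NOTE(review): original line 137 (the end of this call) is absent;
        # do_post() targets '/submit/' when no url is given.
        self._assert_forbidden(
            self.do_post,
            {'upload_files': [('file', GOOD_JPG)],
             'title': u'Normal Upload 1'})

        # Test that a user cannot comment without the commenter privilege
        #----------------------------------------------------------------------
        self.query_for_users()

        # NOTE(review): original line 145 (a further argument to this call)
        # is absent from the listing.
        media_entry = fixture_media_entry(uploader=self.admin_user.id)

        media_entry_id = media_entry.id
        # NOTE(review): the second format argument of both URLs (original
        # lines 149 and 151) is absent; the entry's id and slug are assumed
        # from the variable names -- confirm.
        media_uri_id = '/u/{0}/m/{1}/'.format(self.admin_user.username,
                                              media_entry_id)
        media_uri_slug = '/u/{0}/m/{1}/'.format(self.admin_user.username,
                                                media_entry.slug)
        response = self.test_app.get(media_uri_slug)
        # The form must be hidden *and* the endpoint must refuse the POST:
        # hiding the form alone would not stop a hand-built request.
        assert "Add a comment" not in response.body

        self.query_for_users()
        self._assert_forbidden(
            self.test_app.post,
            media_uri_id + 'comment/add/',
            {'comment_content': u'Test comment #42'})

        # Test that a user cannot report without the reporter privilege
        #----------------------------------------------------------------------
        self._assert_forbidden(self.test_app.get, media_uri_slug + "report/")

        # NOTE(review): original line 171 (a further form field) is absent.
        self._assert_forbidden(
            self.do_post,
            {'report_reason': u'Testing Reports #1'},
            url=(media_uri_slug + "report/"))

        # Test that a user cannot access the moderation pages w/o moderator
        # or admin privileges
        #----------------------------------------------------------------------
        for mod_url in ("/mod/users/", "/mod/reports/", "/mod/media/",
                        "/mod/users/1/", "/mod/reports/1/"):
            self._assert_forbidden(self.test_app.get, mod_url)

        self.query_for_users()

        self._assert_forbidden(
            self.do_post,
            {'action_to_resolve': [u'takeaway'],
             'take_away_privileges': [u'active'],
             'targeted_user': self.admin_user.id},
            url='/mod/reports/1/')
        self.query_for_users()
        # NOTE(review): only the status code is checked. Asserting on the
        # reloaded self.admin_user that its privileges are unchanged would
        # also catch a handler that answers 403 after already modifying the
        # targeted user.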