# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from datetime
import date
, timedelta
20 from webtest
import AppError
22 from mediagoblin
.tests
.tools
import fixture_add_user
, fixture_media_entry
24 from mediagoblin
.db
.models
import User
, LocalUser
, UserBan
25 from mediagoblin
.tools
import template
27 from .resources
import GOOD_JPG
class TestPrivilegeFunctionality:
    """Functional tests for ban enforcement and privilege-gated routes.

    An autouse fixture creates three users for every test: u'alex'
    (admin, active), u'meow' (moderator, active, reporter) and u'natalie'
    (active only). Both tests log in as natalie and check that a banned or
    under-privileged session is refused.

    NOTE(review): this listing is incomplete. Several source lines are
    absent (marked inline below, with the statements left exactly as open
    as the listing shows them), and `pytest` / `six` are used here although
    their imports are not among the visible import lines.
    """

    @pytest.fixture(autouse=True)
    def _setup(self, test_app):
        """Store the test app, create the three fixture users, cache them."""
        self.test_app = test_app

        fixture_add_user(u'alex',
            privileges=[u'admin',u'active'])
        fixture_add_user(u'meow',
            privileges=[u'moderator',u'active',u'reporter'])
        fixture_add_user(u'natalie',
            privileges=[u'active'])
        self.query_for_users()

    def login(self, username):
        # NOTE(review): source-file lines 44-47 are absent from this listing,
        # so the request that authenticates `username` is not visible here.
        self.query_for_users()
        # NOTE(review): source-file lines 49-50 are absent as well. The two
        # calls below end the session, so they presumably belong to a
        # separate logout helper whose `def` line was dropped -- confirm
        # against the upstream file.
        self.test_app.get('/auth/logout/')
        self.query_for_users()

    def do_post(self, data, *context_keys, **kwargs):
        """POST `data` and return ``(response, context_data)``.

        `url` (default '/submit/') and `do_follow` (default False) are popped
        from kwargs; the remaining kwargs are passed to ``test_app.post``.
        `context_keys` are applied one after another as lookups into the
        captured template test context.
        """
        url = kwargs.pop('url', '/submit/')
        do_follow = kwargs.pop('do_follow', False)
        # Reset the captured context so that what is read below comes from
        # this request only.
        template.clear_test_template_context()
        response = self.test_app.post(url, data, **kwargs)
        # NOTE(review): source-file lines 59-60 are absent from this listing;
        # `do_follow` is not consumed anywhere in the visible code.
        context_data = template.TEMPLATE_TEST_CONTEXT
        for key in context_keys:
            context_data = context_data[key]
        return response, context_data

    def query_for_users(self):
        """Re-query the three fixture users by username and cache them on self."""
        self.admin_user = LocalUser.query.filter(LocalUser.username==u'alex').first()
        self.mod_user = LocalUser.query.filter(LocalUser.username==u'meow').first()
        self.user = LocalUser.query.filter(LocalUser.username==u'natalie').first()

    def testUserBanned(self):
        """Check the front page for an indefinite, a future and an expired ban.

        NOTE(review): the lines between building each UserBan and issuing the
        request are absent from this listing, so no save or delete call on
        the ban records is visible here.
        """
        self.login(u'natalie')
        # NOTE(review): source-file line 73 is absent from this listing;
        # `uid` is used below without a visible assignment.
        # First, test what happens when a user is banned indefinitely
        #----------------------------------------------------------------------
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
        # NOTE(review): source-file lines 78-80 are absent; the UserBan(...)
        # call above is left open as the listing shows it.
        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert b"You are Banned" in response.body
        # Then test what happens when that ban has an expiration date which
        # is still in the future (today + 20 days).
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=date.today() + timedelta(days=20))
        response = self.test_app.get('/')
        assert response.status == "200 OK"
        assert b"You are Banned" in response.body

        # Then test what happens when that ban has an expiration date which
        # has already happened
        #----------------------------------------------------------------------
        user_ban = UserBan.query.get(uid)
        exp_date = date.today() - timedelta(days=20)
        user_ban = UserBan(user_id=uid,
            reason=u'Testing whether user is banned',
            expiration_date=exp_date)
        response = self.test_app.get('/')
        # NOTE(review): the expired-ban case expects a redirect, and the
        # redirect target is not checked. The body of a 302 is usually tiny,
        # so the absence of the ban banner there is weak evidence; following
        # the redirect and asserting on the final page would be stronger.
        assert response.status == "302 FOUND"
        # Parses as `not (b"..." in response.body)`, i.e. a `not in` check.
        assert not b"You are Banned" in response.body

    def testVariousPrivileges(self):
        """Check that natalie (u'active' only) gets 403 on privileged routes.

        Each denial is detected by catching webtest's AppError and looking
        for 'Bad response: 403 FORBIDDEN' in its string form.
        """
        # The various actions that require privileges (ex. reporting,
        # commenting, moderating...) are tested in other tests. This method
        # will be used to ensure that those actions are impossible for someone
        # without the proper privileges.
        # For other tests that show what happens when a user has the proper
        # privileges, check out:
        # tests/test_moderation.py moderator
        # tests/test_notifications.py commenter
        # tests/test_reporting.py reporter
        # tests/test_submission.py uploader
        #----------------------------------------------------------------------
        self.login(u'natalie')

        # First test the get and post requests of submission/uploading
        #----------------------------------------------------------------------
        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get('/submit/')
        # Normalise the exception text to bytes on Python 3 so the same
        # bytes literal can be used for the check on both major versions.
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.do_post({'upload_files':[('file',GOOD_JPG)],
                'title':u'Normal Upload 1'},
            # NOTE(review): source-file line 138 is absent; the do_post(...)
            # call above is left open as the listing shows it.
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        # Test that a user cannot comment without the commenter privilege
        #----------------------------------------------------------------------
        self.query_for_users()

        media_entry = fixture_media_entry(uploader=self.admin_user.id,
        # NOTE(review): source-file lines 147-148 are absent; the
        # fixture_media_entry(...) call above is left open as shown.
        media_entry_id = media_entry.id
        media_uri_id = '/u/{0}/m/{1}/'.format(self.admin_user.username,
        # NOTE(review): source-file line 151 (second format argument) is absent.
        media_uri_slug = '/u/{0}/m/{1}/'.format(self.admin_user.username,
        # NOTE(review): source-file line 153 (second format argument) is absent.
        response = self.test_app.get(media_uri_slug)
        # The media page itself loads; only the comment form must be missing.
        assert not b"Add a comment" in response.body

        self.query_for_users()
        # Hiding the form is not enough: the POST endpoint must refuse too.
        with pytest.raises(AppError) as excinfo:
            response = self.test_app.post(
                media_uri_id + 'comment/add/',
                {'comment_content': u'Test comment #42'})
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        # Test that a user cannot report without the reporter privilege
        #----------------------------------------------------------------------
        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get(media_uri_slug+"report/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.do_post(
                {'report_reason':u'Testing Reports #1',
                # NOTE(review): source-file line 175 is absent; the dict
                # above is left open as the listing shows it.
                url=(media_uri_slug+"report/"))
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        # Test that a user cannot access the moderation pages w/o moderator
        # or admin privileges
        #----------------------------------------------------------------------
        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get("/mod/users/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get("/mod/reports/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get("/mod/media/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get("/mod/users/1/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        with pytest.raises(AppError) as excinfo:
            response = self.test_app.get("/mod/reports/1/")
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo

        self.query_for_users()

        # A non-moderator tries to strip u'active' from the admin account.
        with pytest.raises(AppError) as excinfo:
            response, context = self.do_post({'action_to_resolve':[u'takeaway'],
                'take_away_privileges':[u'active'],
                'targeted_user':self.admin_user.id},
                url='/mod/reports/1/')
            # NOTE(review): the listing has lost its indentation, so placing
            # this re-query inside the `with` block is a guess. If it does
            # sit here it never runs, because do_post raises AppError first.
            self.query_for_users()
        excinfo = str(excinfo) if six.PY2 else str(excinfo).encode('ascii')
        assert b'Bad response: 403 FORBIDDEN' in excinfo
        # NOTE(review): nothing visible asserts that alex still holds
        # u'active' afterwards. A 403 status alone does not prove the
        # request changed no state; re-querying the users after the `with`
        # block and asserting on the admin's privileges would close that gap.