1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 from datetime
import date
, timedelta
19 from webtest
import AppError
21 from mediagoblin
.tests
.tools
import fixture_add_user
, fixture_media_entry
23 from mediagoblin
.db
.models
import User
, UserBan
24 from mediagoblin
.tools
import template
26 from .resources
import GOOD_JPG
28 class TestPrivilegeFunctionality
:
@pytest.fixture(autouse=True)
def _setup(self, test_app):
    """Bind the test app and create the accounts used by every test.

    Declared ``autouse`` so pytest runs it before each test in the class.
    Three users are created, each with a different privilege set, and are
    then loaded onto ``self`` through ``query_for_users``.
    """
    self.test_app = test_app

    # (username, privileges), created in this order. 'natalie' holds only
    # 'active', which makes her the least-privileged account of the three.
    accounts = (
        (u'alex', [u'admin', u'active']),
        (u'meow', [u'moderator', u'active', u'reporter']),
        (u'natalie', [u'active']),
    )
    for name, granted in accounts:
        fixture_add_user(name, privileges=granted)

    self.query_for_users()
def login(self, username):
    # Helper used by the tests in this class, which call it with a fixture
    # username before issuing requests.
    # NOTE(review): the listing omits the lines that followed the signature,
    # so the request that actually authenticates `username` is not visible.
    self.query_for_users()
    # NOTE(review): more lines are missing before the next statement; the
    # logout request below may belong to a separate helper whose `def` line
    # was lost. Confirm against the original file before relying on this.
    self.test_app.get('/auth/logout/')
    self.query_for_users()
def do_post(self, data, *context_keys, **kwargs):
    """POST ``data`` through the test app and return the response and context.

    Args:
        data: payload handed to ``self.test_app.post``.
        *context_keys: keys applied one after another to drill into
            ``template.TEMPLATE_TEST_CONTEXT``.
        **kwargs: ``url`` (default ``'/submit/'``) and ``do_follow``
            (default ``False``) are consumed here; everything else is
            forwarded to ``self.test_app.post``.

    Returns:
        A ``(response, context_data)`` tuple.
    """
    # Both options are popped so they are not forwarded to test_app.post().
    url = kwargs.pop('url', '/submit/')
    # NOTE(review): do_follow is read but never used in the lines shown. The
    # listing skips lines right after the POST, so the code that consumes it
    # may have been lost -- confirm against the original file.
    do_follow = kwargs.pop('do_follow', False)
    # Called before the request; presumably resets the context captured from
    # earlier requests -- confirm in mediagoblin.tools.template.
    template.clear_test_template_context()
    response = self.test_app.post(url, data, **kwargs)
    context_data = template.TEMPLATE_TEST_CONTEXT
    # Walk down the nested context, one key per level.
    for key in context_keys:
        context_data = context_data[key]
    return response, context_data
def query_for_users(self):
    """Reload the three fixture accounts from the database onto ``self``.

    Sets ``admin_user``, ``mod_user`` and ``user`` to the first ``User`` row
    whose username is 'alex', 'meow' and 'natalie' respectively.
    """
    # (attribute on self, username), queried in this order.
    lookups = (
        ('admin_user', u'alex'),
        ('mod_user', u'meow'),
        ('user', u'natalie'),
    )
    for attr, name in lookups:
        setattr(self, attr, User.query.filter(User.username == name).first())
def testUserBanned(self):
    """Check what GET '/' returns for 'natalie' under three ban states.

    The cases are: a ban described as indefinite, a ban expiring 20 days
    from today, and a ban that expired 20 days ago. The first two must
    render "You are Banned"; the expired one must not.

    NOTE(review): the source listing lost several lines of this method and
    all of its indentation. Each gap is marked below, and the code does not
    parse until those lines are restored from the original file.
    """
    self.login(u'natalie')
    # NOTE(review): `uid` is used below but never assigned in the visible
    # lines; the listing omits a line here.

    # First, test what happens when a user is banned indefinitely
    #----------------------------------------------------------------------
    user_ban = UserBan(user_id=uid,
        reason=u'Testing whether user is banned',
    # NOTE(review): the listing omits the lines that close this call, so the
    # expiration value for the "indefinite" case and the step that stores the
    # ban are not visible.

    response = self.test_app.get('/')
    assert response.status == "200 OK"
    assert "You are Banned" in response.body
    # Then test what happens when that ban has an expiration date which
    # is still in the future (today + 20 days, per the constructor below)
    #----------------------------------------------------------------------
    user_ban = UserBan.query.get(uid)
    # NOTE(review): a line is missing from the listing here; nothing visible
    # uses the row fetched above before `user_ban` is rebound.
    user_ban = UserBan(user_id=uid,
        reason=u'Testing whether user is banned',
        expiration_date= date.today() + timedelta(days=20))
    # NOTE(review): lines are missing from the listing here.

    response = self.test_app.get('/')
    assert response.status == "200 OK"
    assert "You are Banned" in response.body

    # Then test what happens when that ban has an expiration date which
    # has already happened
    #----------------------------------------------------------------------
    user_ban = UserBan.query.get(uid)
    # NOTE(review): a line is missing from the listing here.
    exp_date = date.today() - timedelta(days=20)
    user_ban = UserBan(user_id=uid,
        reason=u'Testing whether user is banned',
        expiration_date= exp_date)
    # NOTE(review): lines are missing from the listing here.

    # An expired ban must no longer block the account: the ban page is gone
    # and the request gets a redirect status instead.
    response = self.test_app.get('/')
    assert response.status == "302 FOUND"
    assert not "You are Banned" in response.body
def testVariousPrivileges(self):
    """Negative authorization tests for an account holding only 'active'.

    Logged in as 'natalie', every privileged action tried here (uploading,
    commenting, reporting, the moderation pages and a moderation POST) must
    be refused. webtest raises ``AppError`` for the refused requests, and
    each check looks for '403 FORBIDDEN' in the text of that error.

    NOTE(review): the source listing lost several lines of this method and
    all of its indentation. Each gap is marked below, and the code does not
    parse until those lines are restored from the original file. The asserts
    are placed after their ``with`` block because inside it they could never
    run once the request raises; confirm that nesting against the original.
    """
    # The various actions that require privileges (ex. reporting,
    # commenting, moderating...) are tested in other tests. This method
    # will be used to ensure that those actions are impossible for someone
    # without the proper privileges.
    # For other tests that show what happens when a user has the proper
    # privileges, check out:
    #   tests/test_moderation.py        moderator
    #   tests/test_notifications.py     commenter
    #   tests/test_reporting.py         reporter
    #   tests/test_submission.py        uploader
    #----------------------------------------------------------------------
    self.login(u'natalie')

    # First test the get and post requests of submission/uploading
    #----------------------------------------------------------------------
    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get('/submit/')
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.do_post({'upload_files':[('file',GOOD_JPG)],
            'title':u'Normal Upload 1'},
    # NOTE(review): the listing omits the line that closes this call.
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    # Test that a user cannot comment without the commenter privilege
    #----------------------------------------------------------------------
    self.query_for_users()

    # The media entry is owned by the admin account, so 'natalie' is acting
    # on someone else's content in the checks that follow.
    media_entry = fixture_media_entry(uploader=self.admin_user.id,
    # NOTE(review): the listing omits the remaining arguments of this call.
    media_entry_id = media_entry.id
    media_uri_id = '/u/{0}/m/{1}/'.format(self.admin_user.username,
    # NOTE(review): the second format argument is missing from the listing.
    media_uri_slug = '/u/{0}/m/{1}/'.format(self.admin_user.username,
    # NOTE(review): the second format argument is missing from the listing.
    # Presentation check: the comment form is not offered on the page...
    response = self.test_app.get(media_uri_slug)
    assert not "Add a comment" in response.body

    # ...and enforcement check: posting a comment directly is refused too,
    # so hiding the form is not the only control being tested.
    self.query_for_users()
    with pytest.raises(AppError) as excinfo:
        response = self.test_app.post(
            media_uri_id + 'comment/add/',
            {'comment_content': u'Test comment #42'})
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    # Test that a user cannot report without the reporter privilege
    #----------------------------------------------------------------------
    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get(media_uri_slug+"report/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.do_post(
            {'report_reason':u'Testing Reports #1',
            # NOTE(review): the listing omits the rest of this dict.
            url=(media_uri_slug+"report/"))
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    # Test that a user cannot access the moderation pages w/o moderator
    # or admin privileges
    #----------------------------------------------------------------------
    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get("/mod/users/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get("/mod/reports/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get("/mod/media/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get("/mod/users/1/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    with pytest.raises(AppError) as excinfo:
        response = self.test_app.get("/mod/reports/1/")
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)

    self.query_for_users()

    # State-changing request: an unprivileged account asks for the admin's
    # 'active' privilege to be taken away. It must be refused.
    with pytest.raises(AppError) as excinfo:
        response, context = self.do_post({'action_to_resolve':[u'takeaway'],
            'take_away_privileges':[u'active'],
            'targeted_user':self.admin_user.id},
            url='/mod/reports/1/')
    # NOTE(review): placed after the `with` block here; the listing does not
    # show whether this call sat inside it -- confirm.
    self.query_for_users()
    # NOTE(review): only the 403 is asserted. No visible assertion re-checks
    # that the admin account still holds 'active' after the refused request,
    # which would catch a handler that applies the change and then answers
    # 403.
    assert 'Bad response: 403 FORBIDDEN' in str(excinfo)