Merge pull request #2243 from bookwyrm-social/list-crate-perms
Fixes list creation perms
commit
41b20c4dd5
2 changed files with 25 additions and 2 deletions
|
@ -3,6 +3,7 @@ import json
|
||||||
from unittest.mock import patch
|
from unittest.mock import patch
|
||||||
|
|
||||||
from django.contrib.auth.models import AnonymousUser
|
from django.contrib.auth.models import AnonymousUser
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.template.response import TemplateResponse
|
from django.template.response import TemplateResponse
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.test.client import RequestFactory
|
from django.test.client import RequestFactory
|
||||||
|
@ -28,6 +29,9 @@ class ListViews(TestCase):
|
||||||
localname="mouse",
|
localname="mouse",
|
||||||
remote_id="https://example.com/users/mouse",
|
remote_id="https://example.com/users/mouse",
|
||||||
)
|
)
|
||||||
|
self.another_user = models.User.objects.create_user(
|
||||||
|
"rat@local.com", "rat@rat.com", "ratword", local=True, localname="rat"
|
||||||
|
)
|
||||||
self.anonymous_user = AnonymousUser
|
self.anonymous_user = AnonymousUser
|
||||||
self.anonymous_user.is_authenticated = False
|
self.anonymous_user.is_authenticated = False
|
||||||
|
|
||||||
|
@ -167,3 +171,20 @@ class ListViews(TestCase):
|
||||||
self.assertEqual(new_list.description, "wow")
|
self.assertEqual(new_list.description, "wow")
|
||||||
self.assertEqual(new_list.privacy, "unlisted")
|
self.assertEqual(new_list.privacy, "unlisted")
|
||||||
self.assertEqual(new_list.curation, "open")
|
self.assertEqual(new_list.curation, "open")
|
||||||
|
|
||||||
|
def test_lists_create_permission_denied(self):
|
||||||
|
"""create list view"""
|
||||||
|
view = views.Lists.as_view()
|
||||||
|
request = self.factory.post(
|
||||||
|
"",
|
||||||
|
{
|
||||||
|
"name": "A list",
|
||||||
|
"description": "wow",
|
||||||
|
"privacy": "unlisted",
|
||||||
|
"curation": "open",
|
||||||
|
"user": self.local_user.id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
request.user = self.another_user
|
||||||
|
with self.assertRaises(PermissionDenied):
|
||||||
|
view(request)
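Review bot: The new `test_lists_create_permission_denied` only asserts that `PermissionDenied` is raised; it does not check that the rejected list was never written, which is what running the check before the first save is meant to guarantee. After the `with` block I would add `self.assertFalse(models.List.objects.filter(name="A list").exists())`, so a later reordering of the check and the save in the view fails this test. The docstring `"""create list view"""` is copied from the neighbouring test and could read `"""a user can't create a list owned by another user"""`.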
|
||||||
|
|
|
@ -36,11 +36,13 @@ class Lists(View):
|
||||||
form = forms.ListForm(request.POST)
|
form = forms.ListForm(request.POST)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect("lists")
|
return redirect("lists")
|
||||||
book_list = form.save()
|
book_list = form.save(commit=False)
|
||||||
|
book_list.raise_not_editable(request.user)
|
||||||
|
|
||||||
# list should not have a group if it is not group curated
|
# list should not have a group if it is not group curated
|
||||||
if not book_list.curation == "group":
|
if not book_list.curation == "group":
|
||||||
book_list.group = None
|
book_list.group = None
|
||||||
book_list.save(broadcast=False)
|
book_list.save()
|
||||||
|
|
||||||
return redirect(book_list.local_path)
|
return redirect(book_list.local_path)
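Review bot: The check added after `form.save(commit=False)` is applied to an object whose `user` comes from the POST data, and when `curation` is "group" the posted `group` is also kept as sent; nothing in this hunk shows that the requester is verified against that group. `raise_not_editable` is defined outside the hunk, so it may already cover group membership; if it only compares the owner, the group should be validated before `book_list.save()` as well. Either way I would add a comment above the check such as `# user and group come from POST data: reject before the first save` to record why `commit=False` matters here. The enclosing view method starts outside the hunk.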
|
||||||
|
|
||||||
|
|