Check permissions when creating a status

This commit is contained in:
Mouse Reeve 2022-07-15 09:26:52 -07:00
parent a2540e8361
commit 7fdfd0c9c7
2 changed files with 17 additions and 0 deletions

View file

@ -75,6 +75,22 @@ class StatusViews(TestCase):
self.assertEqual(status.book, self.book)
self.assertIsNone(status.edited_date)
def test_create_status_wrong_user(self, *_):
"""You can't compose statuses for someone else"""
view = views.CreateStatus.as_view()
form = forms.CommentForm(
{
"content": "hi",
"user": self.remote_user.id,
"book": self.book.id,
"privacy": "public",
}
)
request = self.factory.post("", form.data)
request.user = self.local_user
with self.assertRaises(PermissionDenied):
view(request, "comment")
def test_create_status_reply(self, *_):
"""create a status in reply to an existing status"""
view = views.CreateStatus.as_view()

View file

@ -85,6 +85,7 @@ class CreateStatus(View):
return redirect("/")
status = form.save(commit=False)
status.raise_not_editable(request.user)
# save the plain, unformatted version of the status for future editing
status.raw_content = status.content
if hasattr(status, "quote"):