mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-12-30 12:00:36 +00:00
Merge pull request #2228 from bookwyrm-social/status-perms
Check permissions when creating a status
This commit is contained in:
commit
b66ce2e6a5
2 changed files with 19 additions and 1 deletions
|
@ -10,12 +10,13 @@ from bookwyrm.settings import DOMAIN
|
|||
from bookwyrm.tests.validate_html import validate_html
|
||||
|
||||
|
||||
# pylint: disable=invalid-name
|
||||
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
|
||||
@patch("bookwyrm.activitystreams.populate_stream_task.delay")
|
||||
@patch("bookwyrm.lists_stream.populate_lists_task.delay")
|
||||
@patch("bookwyrm.activitystreams.remove_status_task.delay")
|
||||
@patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
|
||||
# pylint: disable=invalid-name
|
||||
# pylint: disable=too-many-public-methods
|
||||
class StatusViews(TestCase):
|
||||
"""viewing and creating statuses"""
|
||||
|
||||
|
@ -75,6 +76,22 @@ class StatusViews(TestCase):
|
|||
self.assertEqual(status.book, self.book)
|
||||
self.assertIsNone(status.edited_date)
|
||||
|
||||
def test_create_status_wrong_user(self, *_):
|
||||
"""You can't compose statuses for someone else"""
|
||||
view = views.CreateStatus.as_view()
|
||||
form = forms.CommentForm(
|
||||
{
|
||||
"content": "hi",
|
||||
"user": self.remote_user.id,
|
||||
"book": self.book.id,
|
||||
"privacy": "public",
|
||||
}
|
||||
)
|
||||
request = self.factory.post("", form.data)
|
||||
request.user = self.local_user
|
||||
with self.assertRaises(PermissionDenied):
|
||||
view(request, "comment")
|
||||
|
||||
def test_create_status_reply(self, *_):
|
||||
"""create a status in reply to an existing status"""
|
||||
view = views.CreateStatus.as_view()
|
||||
|
|
|
@ -85,6 +85,7 @@ class CreateStatus(View):
|
|||
return redirect("/")
|
||||
|
||||
status = form.save(commit=False)
|
||||
status.raise_not_editable(request.user)
|
||||
# save the plain, unformatted version of the status for future editing
|
||||
status.raw_content = status.content
|
||||
if hasattr(status, "quote"):
|
||||
|
|
Loading…
Reference in a new issue