Merge pull request #2228 from bookwyrm-social/status-perms
Check permissions when creating a status
commit
b66ce2e6a5
2 changed files with 19 additions and 1 deletions
|
@ -10,12 +10,13 @@ from bookwyrm.settings import DOMAIN
|
||||||
from bookwyrm.tests.validate_html import validate_html
|
from bookwyrm.tests.validate_html import validate_html
|
||||||
|
|
||||||
|
|
||||||
# pylint: disable=invalid-name
|
|
||||||
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
|
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
|
||||||
@patch("bookwyrm.activitystreams.populate_stream_task.delay")
|
@patch("bookwyrm.activitystreams.populate_stream_task.delay")
|
||||||
@patch("bookwyrm.lists_stream.populate_lists_task.delay")
|
@patch("bookwyrm.lists_stream.populate_lists_task.delay")
|
||||||
@patch("bookwyrm.activitystreams.remove_status_task.delay")
|
@patch("bookwyrm.activitystreams.remove_status_task.delay")
|
||||||
@patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
|
@patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
|
||||||
|
# pylint: disable=invalid-name
|
||||||
|
# pylint: disable=too-many-public-methods
|
||||||
class StatusViews(TestCase):
|
class StatusViews(TestCase):
|
||||||
"""viewing and creating statuses"""
|
"""viewing and creating statuses"""
|
||||||
|
|
||||||
|
@ -75,6 +76,22 @@ class StatusViews(TestCase):
|
||||||
self.assertEqual(status.book, self.book)
|
self.assertEqual(status.book, self.book)
|
||||||
self.assertIsNone(status.edited_date)
|
self.assertIsNone(status.edited_date)
|
||||||
|
|
||||||
|
def test_create_status_wrong_user(self, *_):
|
||||||
|
"""You can't compose statuses for someone else"""
|
||||||
|
view = views.CreateStatus.as_view()
|
||||||
|
form = forms.CommentForm(
|
||||||
|
{
|
||||||
|
"content": "hi",
|
||||||
|
"user": self.remote_user.id,
|
||||||
|
"book": self.book.id,
|
||||||
|
"privacy": "public",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
request = self.factory.post("", form.data)
|
||||||
|
request.user = self.local_user
|
||||||
|
with self.assertRaises(PermissionDenied):
|
||||||
|
view(request, "comment")
|
||||||
|
|
||||||
def test_create_status_reply(self, *_):
|
def test_create_status_reply(self, *_):
|
||||||
"""create a status in reply to an existing status"""
|
"""create a status in reply to an existing status"""
|
||||||
view = views.CreateStatus.as_view()
|
view = views.CreateStatus.as_view()
|
||||||
|
|
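Review bot: `test_create_status_wrong_user` asserts only that `PermissionDenied` is raised, so a regression that saves or broadcasts the status before the check runs would still pass. After the `with` block, also assert that nothing was persisted for the spoofed author, for example `self.assertFalse(models.Status.objects.filter(user=self.remote_user).exists())`; this assumes `models` is imported in this module and that the fixtures create no status for that user, neither of which is visible here. The case covers only the `"comment"` type with a remote account as the claimed author, so a second local user and the other status types the view accepts would be worth a parametrised variant. The test class starts and ends outside the hunk.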
|
@ -85,6 +85,7 @@ class CreateStatus(View):
|
||||||
return redirect("/")
|
return redirect("/")
|
||||||
|
|
||||||
status = form.save(commit=False)
|
status = form.save(commit=False)
|
||||||
|
status.raise_not_editable(request.user)
|
||||||
# save the plain, unformatted version of the status for future editing
|
# save the plain, unformatted version of the status for future editing
|
||||||
status.raw_content = status.content
|
status.raw_content = status.content
|
||||||
if hasattr(status, "quote"):
|
if hasattr(status, "quote"):
|
||||||
|
|
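Review bot: The added `status.raise_not_editable(request.user)` still takes authorship from the posted `user` field and then validates it, so the outcome depends entirely on what `raise_not_editable` permits. That method is defined outside this hunk; if it also admits moderators or other privileged roles (reasonable for editing), those accounts could still create a status under another user's name, which is worth confirming. For newly created statuses a stricter rule is an explicit identity check such as `if status.user != request.user: raise PermissionDenied()`, or binding the author from the session instead of the form. A comment on the new line, e.g. `# the posted "user" id is client-controlled; refuse to create a status on behalf of another account`, would record why the check sits before any further processing. The enclosing method starts and ends outside the hunk.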