2024-08-09 22:43:15 +00:00
|
|
|
#
|
|
|
|
|
# Copyright 2023 © AE UTBM
|
|
|
|
|
# ae@utbm.fr / ae.info@utbm.fr
|
|
|
|
|
#
|
|
|
|
|
# This file is part of the website of the UTBM Student Association (AE UTBM),
|
|
|
|
|
# https://ae.utbm.fr.
|
|
|
|
|
#
|
2024-09-22 23:37:25 +00:00
|
|
|
# You can find the source code of the website at https://github.com/ae-utbm/sith
|
2024-08-09 22:43:15 +00:00
|
|
|
#
|
|
|
|
|
# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
|
2024-09-23 08:25:27 +00:00
|
|
|
# SEE : https://raw.githubusercontent.com/ae-utbm/sith/master/LICENSE
|
2024-08-09 22:43:15 +00:00
|
|
|
# OR WITHIN THE LOCAL FILE "LICENSE"
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
from typing import Callable
|
|
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
from django.conf import settings
|
|
|
|
|
from django.core.cache import cache
|
2024-09-09 19:37:28 +00:00
|
|
|
from django.test import Client, TestCase
|
2024-08-09 22:43:15 +00:00
|
|
|
from django.urls import reverse
|
|
|
|
|
from model_bakery import baker
|
2024-10-13 22:45:31 +00:00
|
|
|
from pytest_django.asserts import assertInHTML, assertRedirects
|
2024-08-09 22:43:15 +00:00
|
|
|
|
|
|
|
|
from core.baker_recipes import old_subscriber_user, subscriber_user
|
|
|
|
|
from core.models import RealGroup, User
|
|
|
|
|
from sas.baker_recipes import picture_recipe
|
2024-09-09 19:37:28 +00:00
|
|
|
from sas.models import Album, Picture
|
2024-08-09 22:43:15 +00:00
|
|
|
|
|
|
|
|
# Create your tests here.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
|
|
|
|
@pytest.mark.parametrize(
|
|
|
|
|
"user_factory",
|
|
|
|
|
[
|
|
|
|
|
subscriber_user.make,
|
|
|
|
|
old_subscriber_user.make,
|
|
|
|
|
lambda: baker.make(User, is_superuser=True),
|
|
|
|
|
lambda: baker.make(
|
|
|
|
|
User, groups=[RealGroup.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
|
|
|
|
|
),
|
|
|
|
|
lambda: baker.make(User),
|
|
|
|
|
],
|
|
|
|
|
)
|
|
|
|
|
def test_load_main_page(client: Client, user_factory: Callable[[], User]):
|
|
|
|
|
"""Just check that the SAS doesn't crash."""
|
|
|
|
|
user = user_factory()
|
|
|
|
|
client.force_login(user)
|
|
|
|
|
res = client.get(reverse("sas:main"))
|
|
|
|
|
assert res.status_code == 200
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
|
|
|
|
def test_album_access_non_subscriber(client: Client):
|
|
|
|
|
"""Test that non-subscribers can only access albums where they are identified."""
|
|
|
|
|
album = baker.make(Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID)
|
|
|
|
|
user = baker.make(User)
|
|
|
|
|
client.force_login(user)
|
|
|
|
|
res = client.get(reverse("sas:album", kwargs={"album_id": album.id}))
|
|
|
|
|
assert res.status_code == 403
|
|
|
|
|
|
|
|
|
|
picture = picture_recipe.make(parent=album)
|
|
|
|
|
picture.people.create(user=user)
|
|
|
|
|
cache.clear()
|
|
|
|
|
res = client.get(reverse("sas:album", kwargs={"album_id": album.id}))
|
|
|
|
|
assert res.status_code == 200
|
2024-09-09 19:37:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestSasModeration(TestCase):
|
|
|
|
|
@classmethod
|
|
|
|
|
def setUpTestData(cls):
|
2024-10-13 22:45:31 +00:00
|
|
|
album = baker.make(
|
|
|
|
|
Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True
|
|
|
|
|
)
|
2024-09-09 19:37:28 +00:00
|
|
|
cls.pictures = picture_recipe.make(
|
|
|
|
|
parent=album, _quantity=10, _bulk_create=True
|
|
|
|
|
)
|
|
|
|
|
cls.to_moderate = cls.pictures[0]
|
|
|
|
|
cls.to_moderate.is_moderated = False
|
|
|
|
|
cls.to_moderate.save()
|
|
|
|
|
cls.moderator = baker.make(
|
|
|
|
|
User, groups=[RealGroup.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
|
|
|
|
|
)
|
|
|
|
|
cls.simple_user = subscriber_user.make()
|
|
|
|
|
|
2024-10-13 22:45:31 +00:00
|
|
|
def setUp(self):
|
|
|
|
|
cache.clear()
|
|
|
|
|
|
2024-09-09 19:37:28 +00:00
|
|
|
def test_moderation_page_sas_admin(self):
|
|
|
|
|
"""Test that a moderator can see the pictures needing moderation."""
|
|
|
|
|
self.client.force_login(self.moderator)
|
|
|
|
|
res = self.client.get(reverse("sas:moderation"))
|
|
|
|
|
assert res.status_code == 200
|
|
|
|
|
assert len(res.context_data["pictures"]) == 1
|
|
|
|
|
assert res.context_data["pictures"][0] == self.to_moderate
|
|
|
|
|
|
|
|
|
|
res = self.client.post(
|
|
|
|
|
reverse("sas:moderation"),
|
|
|
|
|
data={"album_id": self.to_moderate.id, "picture_id": self.to_moderate.id},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def test_moderation_page_forbidden(self):
|
|
|
|
|
self.client.force_login(self.simple_user)
|
|
|
|
|
res = self.client.get(reverse("sas:moderation"))
|
|
|
|
|
assert res.status_code == 403
|
|
|
|
|
|
|
|
|
|
def test_moderate_picture(self):
|
|
|
|
|
self.client.force_login(self.moderator)
|
|
|
|
|
res = self.client.get(
|
|
|
|
|
reverse("core:file_moderate", kwargs={"file_id": self.to_moderate.id}),
|
|
|
|
|
data={"next": self.pictures[1].get_absolute_url()},
|
|
|
|
|
)
|
|
|
|
|
assertRedirects(res, self.pictures[1].get_absolute_url())
|
|
|
|
|
self.to_moderate.refresh_from_db()
|
|
|
|
|
assert self.to_moderate.is_moderated
|
|
|
|
|
|
|
|
|
|
def test_delete_picture(self):
|
|
|
|
|
self.client.force_login(self.moderator)
|
|
|
|
|
res = self.client.post(
|
|
|
|
|
reverse("core:file_delete", kwargs={"file_id": self.to_moderate.id})
|
|
|
|
|
)
|
|
|
|
|
assert res.status_code == 302
|
|
|
|
|
assert not Picture.objects.filter(pk=self.to_moderate.id).exists()
|
|
|
|
|
|
|
|
|
|
def test_moderation_action_non_authorized_user(self):
|
|
|
|
|
"""Test that a non-authorized user cannot moderate a picture."""
|
|
|
|
|
self.client.force_login(self.simple_user)
|
|
|
|
|
res = self.client.post(
|
|
|
|
|
reverse("core:file_moderate", kwargs={"file_id": self.to_moderate.id}),
|
|
|
|
|
)
|
|
|
|
|
assert res.status_code == 403
|
|
|
|
|
self.to_moderate.refresh_from_db()
|
|
|
|
|
assert not self.to_moderate.is_moderated
|
|
|
|
|
res = self.client.post(
|
|
|
|
|
reverse("core:file_delete", kwargs={"file_id": self.to_moderate.id}),
|
|
|
|
|
)
|
|
|
|
|
assert res.status_code == 403
|
|
|
|
|
assert Picture.objects.filter(pk=self.to_moderate.id).exists()
|
2024-10-13 22:45:31 +00:00
|
|
|
|
|
|
|
|
def test_request_moderation_form_access(self):
|
|
|
|
|
"""Test that regular can access the form to ask for moderation."""
|
|
|
|
|
self.client.force_login(self.simple_user)
|
|
|
|
|
res = self.client.get(
|
|
|
|
|
reverse(
|
|
|
|
|
"sas:picture_ask_removal", kwargs={"picture_id": self.pictures[1].id}
|
|
|
|
|
),
|
|
|
|
|
)
|
|
|
|
|
assert res.status_code == 200
|
|
|
|
|
|
|
|
|
|
def test_request_moderation_form_submit(self):
|
|
|
|
|
"""Test that moderation requests are created."""
|
|
|
|
|
self.client.force_login(self.simple_user)
|
|
|
|
|
message = "J'aime pas cette photo (ni la Cocarde)."
|
|
|
|
|
url = reverse(
|
|
|
|
|
"sas:picture_ask_removal", kwargs={"picture_id": self.pictures[1].id}
|
|
|
|
|
)
|
|
|
|
|
res = self.client.post(url, data={"reason": message})
|
|
|
|
|
assertRedirects(
|
|
|
|
|
res, reverse("sas:album", kwargs={"album_id": self.pictures[1].parent_id})
|
|
|
|
|
)
|
|
|
|
|
assert self.pictures[1].moderation_requests.count() == 1
|
|
|
|
|
assert self.pictures[1].moderation_requests.first().reason == message
|
|
|
|
|
|
|
|
|
|
# test that the user cannot ask for moderation twice
|
|
|
|
|
res = self.client.post(url, data={"reason": message})
|
|
|
|
|
assert res.status_code == 200
|
|
|
|
|
assert self.pictures[1].moderation_requests.count() == 1
|
|
|
|
|
assertInHTML(
|
|
|
|
|
'<ul class="errorlist nonfield"><li>'
|
|
|
|
|
"Vous avez déjà déposé une demande de retrait pour cette photo.</li></ul>",
|
|
|
|
|
res.content.decode(),
|
|
|
|
|
)
|
